Vulnerability Details : CVE-2021-3493
Public exploit exists!
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Products affected by CVE-2021-3493
- cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:-:*:*:*
CVE-2021-3493 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Linux Kernel Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
Notes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52; https://nvd.nist.gov/vuln/detail/CVE-2021-3493
Added on
2022-10-20
Action due date
2022-11-10
Exploit prediction scoring system (EPSS) score for CVE-2021-3493
0.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-3493
-
2021 Ubuntu Overlayfs LPE
Disclosure Date: 2021-04-12First seen: 2022-12-23exploit/linux/local/cve_2021_3493_overlayfsThis module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in a running executable. Specifically, when Overlayfs sends the set attributes data
CVSS scores for CVE-2021-3493
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
Canonical Ltd. |
CWE ids for CVE-2021-3493
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
-
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.Assigned by: security@ubuntu.com (Secondary)
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-3493
-
https://ubuntu.com/security/notices/USN-4917-1
USN-4917-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuVendor Advisory
-
https://www.openwall.com/lists/oss-security/2021/04/16/1
oss-security - [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalationMailing List;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Third Party Advisory
-
http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
Kernel Live Patch Security Notice LSN-0076-1 ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html
Ubuntu Overlayfs Local Privilege Escalation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html
Ubuntu OverlayFS Local Privilege Escalation ≈ Packet StormThird Party Advisory;VDB Entry
Jump to