Description: Privilege escalation through userns, overlay mounts and setgid flag References: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Notes: bwh> The exploit depends on unprivileged users being able to create user bwh> namespaces (disallowed by default in Debian) and being able to mount bwh> overlayfs within a user namespace (only allowed in Ubuntu). But it's bwh> possible that an administrator might accidentally set up a bwh> configuration that is exploitable. bwh> jessie is affected by a similar issue with aufs substituting for bwh> overlayfs. Bugs: upstream: released (4.5-rc1) [e9f57ebcba563e0cd532926cab83c92bb4d79360] 3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)" 3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)" sid: released (4.5.1-1) 3.16-jessie-security: N/A "Vulnerable code not present" 3.2-wheezy-security: N/A "Vulnerable code not present"