blob: 662e748bd0da58a04c4d4fd390caf2f799bd74b9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: overlayfs fs caps privilege escalation
References:
https://www.openwall.com/lists/oss-security/2021/04/16/1
https://github.com/briskets/CVE-2021-3493
Notes:
carnil> Debian ships as well a patch to allow enable unprivileged
carnil> overlayfs mounts. Cf. #913880 present since 4.19.9-1 upload.
carnil> One needs to explicitly load the module though with
carnil> permit_mounts_in_userns (which will issue as well a security
carnil> warning).
Bugs:
upstream: released (5.11-rc1) [7c03e2cda4a584cadc398e8f6641ca9988a39d52]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
4.9-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
sid: released (5.10.38-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
4.9-stretch-security: N/A "Unprivileged users cannot mount overlayfs"
|
