blob: 920ef556e5f7989422368635a63e9e165b38f41d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: overlayfs fs caps privilege escalation
References:
https://www.openwall.com/lists/oss-security/2021/04/16/1
https://github.com/briskets/CVE-2021-3493
Notes:
carnil> Debian ships as well a patch to allow enable unprivileged
carnil> overlayfs mounts. Cf. #913880 present since 4.19.9-1 upload.
carnil> One needs to explicitly load the module though with
carnil> permit_mounts_in_userns (which will issue as well a security
carnil> warning).
Bugs:
upstream: released (5.11-rc1) [7c03e2cda4a584cadc398e8f6641ca9988a39d52]
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
sid: released (5.10.38-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
4.9-stretch-security: N/A "Unprivileged users cannot mount overlayfs"
|
