blob: 067b8164ec533478bac08ed7f4b8b18a2b5563a7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: ovl: Copy-up from nosuid lower to suid upper could allow priv-esc
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2009704
https://www.openwall.com/lists/oss-security/2021/10/14/3
Notes:
bwh> Only likely to be exploitable after commit 459c7c565ac3
bwh> "ovl: unprivieged mounts" in 5.11-rc1, or if the
bwh> Debian-specific module parameter permit_mounts_in_userns
bwh> is enabled.
Bugs:
upstream: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable: needed
sid: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: needed
|