USN-4915-1

Details

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493)

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. (CVE-2021-3492)

Affected Packages

Ubuntu:20.04:LTSlinux-oem-5.6

Fixed in:

5.6.0-1054.58

References

REPORThttps://ubuntu.com/security/CVE-2021-3492 REPORThttps://ubuntu.com/security/CVE-2021-3493 ADVISORYhttps://ubuntu.com/security/notices/USN-4915-1

USN-4915-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline