osv | Google | OSV:USN-4915-1
Apr 15, 2021 - 10:22 p.m.

linux-oem-5.6 vulnerabilities

Google
osv.dev

AI Score: 7.3 (Confidence: High)

EPSS: 0.008 (Percentile: 82.3%)

It was discovered that the overlayfs implementation in the Linux kernel did
not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain
elevated privileges. (CVE-2021-3493)

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux
kernel did not properly handle faults in copy_from_user() when passing
through ioctls to an underlying file system. A local attacker could use
this to cause a denial of service (memory exhaustion) or execute arbitrary
code. (CVE-2021-3492)