Design/Logic Flaw

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

CVE-2021-3493

Summary: CVE-2021-3493 is a Linux kernel overlayfs privilege-escalation issue where overlayfs does not properly validate file capabilities against user namespaces, enabling local privilege escalation on systems using unprivileged user namespaces with Ubuntu overlay patches. The vulnerability is r...

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

CVE-2021-3493

A flaw was found in the Linux kernel. The overlayfs stacking file system does not properly validate the application of file capabilities against user namespaces. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Ubuntu: Security Advisory (USN-4917-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the linux kernel that stems from a combination of unprivileged user namespaces and patches in the Ubuntu kernel that allow for unprivileged...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4915-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4915-1 advisory. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respec...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4916-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4916-1 advisory. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities...

USN-4917-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2-5.3 vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...

USN-4916-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Piotr Krysiuk discovered that the BPF JIT...

USN-4915-1: Linux kernel (OEM) vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...

UBUNTU-CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

Kubernetes Namespaces Are Not as Secure as You Think

In a previous article, we described how the usage of namespaces in Kubernetes significantly simplifies the management of a Kubernetes cluster. However, managing multiple microservices on the same cluster comes with a security cost when not planned correctly. A common misconception around namespac...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-1678)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.CVE-2020-28366 - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument...

Misinterpretation of malicious XML input

Overview Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Workarounds...

Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...

GHSA-H6Q6-9HQW-RWFV Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...

DEBIAN-CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...