kernel: Overlayfs in the Linux kernel and shiftfs not restoring original value on error leading to a refcount underflow

A flaw was found in the Linux kernel. In Overlayfs, vma-vmfile was replaced in the mmap handlers and, on errors, the original value is not restored. A local attacker with special user privilege or root can cause a kernel internal information leak. The highest threat from this vulnerability is to...

USN-4915-1 linux-oem-5.6 vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...

USN-4209-1 linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary...