4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
overlayfs uses insecure access control. Insufficient permission checking when copying up files in an overlayfs. An attacker is able to exploit the vulnerability to obtain read access to files on the system. that they would not normally be permitted to access.
git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8
git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f
git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d
git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84
git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52
launchpad.net/bugs/1894980
launchpad.net/bugs/1900141
ubuntu.com/USN-4576-1
ubuntu.com/USN-4577-1
ubuntu.com/USN-4578-1
www.openwall.com/lists/oss-security/2020/10/13/6
www.openwall.com/lists/oss-security/2020/10/14/2
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N