Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation

[Steve Beattie <steve.beattie () canonical com>]

On Fri, Apr 16, 2021 at 04:53:50PM +0200, Salvatore Bonaccorso wrote:
> Hi Steve,
>
> On Thu, Apr 15, 2021 at 02:31:14PM -0700, Steve Beattie wrote:
> > Hello,
> >
> > An independent security researcher reported via the SSD Secure
> > Disclosure program that the overlayfs stacking file system within the
> > Linux kernel as used within Ubuntu did not properly validate the
> > application of file capabilities against user namespaces.
> >
> > This issue is likely Ubuntu specific, as Ubuntu carries a patch to
> > enable unprivileged overlayfs mounts. The combination of that patch
> > plus allowing unprivileged user namespaces by default in Ubuntu allows
> > an unprivileged attacker to gain elevated privileges.
> >
> > A commit that addresses the issue was applied in the upstream kernel:
> >
> >   7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") (v5.10)
>
> For completeness, this though was in v5.11-rc1 right?

Yes, sorry, thanks for the correction.

-- 
Steve Beattie
<sbeattie () ubuntu com>

Attachment: signature.asc
Description: