oss-sec mailing list archives
CVE request -- linux kernel: overlay: fix permission checking for setattr
From: Vladis Dronov <vdronov () redhat com>
Date: Wed, 23 Dec 2015 11:55:14 -0500 (EST)
Hello, If possible, we would like to obtain a CVE-ID for the following security issue. I was not able to find an already-assigned CVE-ID for this. A flaw was found in the overlay filesystem of the Linux kernel which allows an unprivileged user to change attributes of the files in the overlay, particularly allowing access to root-only-accessible files like '/etc/shadow'. References: https://bugzilla.redhat.com/show_bug.cgi?id=1291329 - Red Hat public Bugzilla https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 - an upstream Linux kernel commit fixing the issue. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Current thread:
- CVE request -- linux kernel: overlay: fix permission checking for setattr Vladis Dronov (Dec 23)
- Re: CVE request -- linux kernel: overlay: fix permission checking for setattr cve-assign (Dec 23)