CVE-2021-3493 is a vulnerability in Canonical Ubuntu Linux
Published on April 17, 2021
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Known Exploited Vulnerability
This Linux Kernel Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
The following remediation steps are recommended / required by November 10, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2021-3493 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Privilege Context Switching Error
The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
Products Associated with CVE-2021-3493
Want to know whenever a new CVE is published for Canonical Ubuntu Linux? stack.watch will email you.
Affected Versions
Ubuntu linux kernel:- Version 5.8 kernel and below 5.8.0-50.56 is affected.
- Version 5.4 kernel and below 5.4.0-72.80 is affected.
- Version 4.15 kernel and below 4.15.0-142.146 is affected.
- Version 4.4 kernel and below 4.4.0-209.241 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.