Immunity, Inc.
Name: overlayfs_setxattr
CVE: CVE-2021-3493
Exploit Pack: CANVAS
Description: overlayfs_setxattr
Notes:
CVE Name: CVE-2021-3493
VENDOR: Ubuntu
NOTES: An Ubuntu-specific issue in the overlayfs file system in the Linux kernel where
it did not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain elevated
privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs
mounts.

This exploit currently works on vulnerable versions of Ubuntu 14 - 20.

The exploit was tested on:
- Ubuntu Desktop 18.04

VersionsAffected: Affects vulnerable versions of Ubuntu from 14.04 to 20.10
Repeatability: Infinite
References: - https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/

CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3493
Date public: 19/04/2021
CVSS: N/A
