First published: Mon May 02 2016(Updated: )
Last updated 29 November 2024
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=3.0.0<=3.19.8 | |
Linux Linux kernel | >=4.0.0<=4.20.15 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2016-2853.
The title of the vulnerability is 'The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace'.
The description of the vulnerability is 'The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.'
The vulnerability affects the Linux kernel versions 3.x and 4.x.
Attackers can exploit this vulnerability by mounting an aufs filesystem on top of a FUSE filesystem and then executing a crafted setuid program.