First published: Thu Aug 12 2021
A flaw was found in the Linux kernel's OverlayFS subsystem in the way a user mounts a TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
redhat/kernel | <5.14 | 5.14 |
Linux Kernel | <5.14 | |
Linux Kernel | =5.14 | |
Linux Kernel | =5.14-rc1 | |
Linux Kernel | =5.14-rc2 | |
Linux Kernel | =5.14-rc3 | |
Linux Kernel | =5.14-rc4 | |
Linux Kernel | =5.14-rc5 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
CVE-2021-3732 is classified as a medium severity vulnerability.
To fix CVE-2021-3732, update the kernel package to the recommended versions provided by your Linux distribution.
CVE-2021-3732 affects users of certain versions of the Linux kernel, specifically those utilizing OverlayFS functionality.
The impact of CVE-2021-3732 is that a local user may gain unauthorized access to hidden files.
As of now, there is no public information indicating that CVE-2021-3732 is actively being exploited in the wild.