CVE-2021-3493
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
1.5
Description
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
CISA KEV
- Vendor
- Linux
- Product
- Kernel
- Due date
- 2022-11-10
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52; https://nvd.nist.gov/vuln/detail/CVE-2021-3493
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-3493
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-3493.html
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 5.10.38-1 |
| debian | bullseye | fixed | 5.10.38-1 |
| debian | forky | fixed | 5.10.38-1 |
| debian | sid | fixed | 5.10.38-1 |
| debian | trixie | fixed | 5.10.38-1 |
References
Verify integrity in audit chain (admin only). AS-IS.