CVE-2016-1576 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2016-1576?

CVE-2016-1576 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1576?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Core, Canonical Ubuntu Linux, Canonical Ubuntu Touch, Linux Linux Kernel.

Vulnerability Description

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Core	15.04
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Touch	15.04
Linux	Linux Kernel	<= 4.5.2

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57eMailing ListPatchVendor Advisory
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.htmlThird Party Advisory
http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ExploitThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/24/8Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/18/1Mailing ListThird Party Advisory
https://bugs.launchpad.net/bugs/1535150Third Party Advisory
https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-coMailing ListPatchThird Party Advisory
https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-loMailing ListPatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57eMailing ListPatchVendor Advisory
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.htmlThird Party Advisory
http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ExploitThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/24/8Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/18/1Mailing ListThird Party Advisory
https://bugs.launchpad.net/bugs/1535150Third Party Advisory
https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-coMailing ListPatchThird Party Advisory

FAQ

What is CVE-2016-1576?

CVE-2016-1576 is a vulnerability with a CVSS score of 7.8 (HIGH). The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of...

How severe is CVE-2016-1576?

CVE-2016-1576 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1576?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Core, Canonical Ubuntu Linux, Canonical Ubuntu Touch, Linux Linux Kernel.