Ubuntu Security Update USN-4915-1: Linux kernel (OEM) vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
30
Reaction score
10
Credits
0
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. (CVE-2021-3492)

Continue reading...
 

Members online


Latest posts

Top