CVE-2021-3493

Description from NVD

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Information Acquisition Date: 2022-10-24T14:55Z
CVSS 2.0: 7.2 HIGH
CVSS 3.x: 7.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://www.openwall.com/lists/oss-security/2021/04/16/1
     source: MISC
     tags: Mailing List, Third Party Advisory
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
     source: MISC
     tags: Mailing List, Patch, Third Party Advisory
 https://ubuntu.com/security/notices/USN-4917-1
     source: MISC
     tags: Vendor Advisory
 http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html
     source: MISC
     tags: Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry

Software Tag: Linux (2 tweets)

List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    223
https://cvetrends.com    50
https://lists.astaro.com/ASGV9-IPS-rules.html#0    15
http://twinybots.ch    12
https://noticiasseguridad.com/vulnerabilidades/parche-cve-2...    6
https://github.com/briskets/CVE-2021-3493    4
https://twitter.com/0dayCTF/status/1384303461794082827    4
https://securityaffairs.co/wordpress/137454/security/cve-20...    4
https://tryhackme.com/room/overlayfs    3
https://www.openwall.com/lists/oss-security/2021/04/16/1    3
https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/    3
https://packetstormsecurity.com/files/162866/CVE-2021-3493.tgz    3

Information from Twitter

User    URL    Info Source    Date
Admarnelson    https://tryhackme.com/room/overlayfs    Source Admarnelson 1640298883338194946    2023/03/27
Shiavnshu_Gupta    https://tryhackme.com/room/overlayfs    Source Shiavnshu_Gupta 1646475761237528578    2023/04/13

GitHub Search Results: Up to 10
Name URL
briskets/CVE-2021-3493 https://github.com/briskets/CVE-2021-3493
inspiringz/CVE-2021-3493 https://github.com/inspiringz/CVE-2021-3493
oneoy/CVE-2021-3493 https://github.com/oneoy/CVE-2021-3493
AmIAHuman/OverlayFS-CVE-2021-3493 https://github.com/AmIAHuman/OverlayFS-CVE-2021-3493
derek-turing/CVE-2021-3493 https://github.com/derek-turing/CVE-2021-3493
Abdennour-py/CVE-2021-3493 https://github.com/Abdennour-py/CVE-2021-3493
puckiestyle/CVE-2021-3493 https://github.com/puckiestyle/CVE-2021-3493
Ishan3011/CVE-2021-3493 https://github.com/Ishan3011/CVE-2021-3493
cerodah/overlayFS-CVE-2021-3493 https://github.com/cerodah/overlayFS-CVE-2021-3493

2023/04/13 Score : 0
Added Har-sia Database : 2021/04/16
Last Modified : 2023/04/13
Highest Scored Date : 2022/10/21
Highest Score : 28