CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Information

Published : 2016-05-02 10:59

Updated : 2021-10-18 21:15


NVD link : CVE-2016-1576

Mitre link : CVE-2016-1576


JSON object : View

Products Affected

canonical

  • ubuntu_touch
  • ubuntu_linux
  • ubuntu_core

linux

  • linux_kernel
CWE
CWE-264

Permissions, Privileges, and Access Controls