CVE-2016-2853

NameCVE-2016-2853
DescriptionThe aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.210-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.118-2fixed
buster (security)4.19.118-2+deb10u1fixed
bullseye, sid5.7.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)3.18-1~exp1
linuxsourcewheezy(not affected)

Notes

[jessie] - linux <ignored> (Not exploitable in default configuration)
[wheezy] - linux <not-affected> (Vulnerable code is not present)
http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
https://sourceforge.net/p/aufs/mailman/message/34864744/
This depends on a user namespace creator being able to mount aufs.
jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
wheezy: User namespaces are non-functional.

Search for package or bug name: Reporting problems