SB2020021926 - Missing authorization in Linux kernel
Published: February 19, 2020 Updated: June 20, 2024
Security Bulletin ID
SB2020021926
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Missing authorization (CVE-ID: CVE-2012-0055)
The vulnerability allows a local user to execute arbitrary code.
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
Remediation
Install update from vendor's website.
References
- http://www.openwall.com/lists/oss-security/2012/01/17/11
- http://www.ubuntu.com/usn/USN-1363-1
- http://www.ubuntu.com/usn/USN-1364-1
- http://www.ubuntu.com/usn/USN-1384-1
- https://access.redhat.com/security/cve/cve-2012-0055
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055