Improper preservation of permissions in Linux kernel - CVE-2021-3847

 

Improper preservation of permissions in Linux kernel - CVE-2021-3847

Published: April 1, 2022 / Updated: April 11, 2022


Vulnerability identifier: #VU92746
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3847
CWE-ID: CWE-281
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.


How to mitigate CVE-2021-3847

Install update from vendor's repository.

Sources