Main Vulnerability Database Vulnerabilities #VU92746

Improper preservation of permissions in Linux kernel - CVE-2021-3847

Published: April 1, 2022 / Updated: April 11, 2022

Vulnerability identifier: #VU92746

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3847

CWE-ID: CWE-281

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Remediation

Install update from vendor's repository.

External links

https://www.openwall.com/lists/oss-security/2021/10/14/3
https://bugzilla.redhat.com/show_bug.cgi?id=2009704

Improper preservation of permissions in Linux kernel - CVE-2021-3847

Description

Remediation

External links

Please verify you're human