Security tracker / CVE-2021-3847

CVE-2021-3847

ovl: Copy-up from nosuid lower to suid upper could allow priv-esc

References

• Debian security tracker
• cve.org
• https://bugzilla.redhat.com/show_bug.cgi?id=2009704
• https://www.openwall.com/lists/oss-security/2021/10/14/3
• https://www.openwall.com/lists/oss-security/2021/10/20/1

Notes

 bwh> Only likely to be exploitable after commit 459c7c565ac3
 bwh> "ovl: unprivieged mounts" in 5.11-rc1, or if the
 bwh> Debian-specific module parameter permit_mounts_in_userns
 bwh> is enabled.
 carnil> According to the followups, is considered a misconfiguration of
 carnil> the mount, and not a kernel bug. Should we retire the CVE?

Bugs

Status

Branch	Status
upstream	needed
6.18-upstream-stable
6.17-upstream-stable
6.12-upstream-stable
6.6-upstream-stable
6.1-upstream-stable	needed
5.10-upstream-stable	needed
4.9-upstream-stable	ignored "EOL"
sid	needed
6.12-trixie-security	needed
6.1-bookworm-security	needed
5.10-bullseye-security	needed
4.9-stretch-security	ignored "EOL"