CVE-2021-3847

Summary

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Affected Software

VendorProductVersion RangeStatus
n/akernelall versions up to, including, kernel 5.17affected

Weaknesses

  • CWE-281: CWE-281

ADP Enrichment

CVE Program Container

Additional References

References