CVE-2016-2853

About vulnerability

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Affected product:

AlmaLinux 8 , CentOS 6 , CentOS 6 plus , CentOS 7 , CentOS 7 plus , CentOS 8 , CloudLinux OS 6 , CloudLinux OS 6h , CloudLinux OS 7 , CloudLinux OS 7h , CloudLinux OS 8 , Debian 10 , Debian 10 cloud , Debian 8 , Debian 9 , Endurance 7 eig 3.10 , OpenVZ 6 , Proxmox VE 5 , Proxmox VE 6 , RHEL 6 , RHEL 7 , RHEL 8 , Rocky Linux 8 , Scientific 6 , Ubuntu 14.04 , Ubuntu 14.04 ESM , Ubuntu 16.04 , Ubuntu 16.04 ELS , Ubuntu 16.04 ESM , Ubuntu 18.04 , Ubuntu 19.04 , Ubuntu 19.10 , Ubuntu 20.04

Affected packages:

linux-hwe-5.8 @ - (+60 more)

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.