CVE-2016-1576 (retired)

Priority
Description
The overlayfs implementation in the Linux kernel through 4.5.2 does not
properly restrict the mount namespace, which allows local users to gain
privileges by mounting an overlayfs filesystem on top of a FUSE filesystem,
and then executing a crafted setuid program.
Ubuntu-Description
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges.
Notes
 jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
  not supported on the Ubuntu Touch 14.10 and earlier preview kernels
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 sbeattie> precise does not allow unprivileged user namespaces, which is
what lets an unprivileged user exploit this vulnerability; however,
the issue of copying up setuid attributes still exists in the
overlayfs codebase here, but it is a much lower priority to fix
(needs root/CAP_SYS_ADMIN to exploit).
Package
Source: linux (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (no user-namespace mounts)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-8.23)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by local-2016-1576-1
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by local-2016-1576-2
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.3)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
linux-krillin:ignored (was needed now end-of-life)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-79.123~precise1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.4)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1012.12)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
linux-vegetahd:ignored (was needed now end-of-life)
More Information

Updated: 2019-08-23 09:09:18 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)