CVE Vulnerabilities

CVE-2013-1956

Published: Apr 24, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 3.8.2 3.8.2
Linux_kernel Linux 3.8.0 3.8.0
Linux_kernel Linux * 3.8.5
Linux_kernel Linux 3.8.1 3.8.1
Linux_kernel Linux 3.8.3 3.8.3
Linux_kernel Linux 3.8.4 3.8.4

References