CVE Vulnerabilities

CVE-2016-2853

Improper Privilege Management

Published: May 02, 2016 | Modified: Apr 18, 2022
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
Ubuntu
LOW

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 3.0.0 (including) 3.19.8 (including)
Linux_kernel Linux 4.0.0 (including) 4.20.15 (including)
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu precise *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu vivid/ubuntu-core *
Linux Ubuntu wily *
Linux Ubuntu xenial *
Linux Ubuntu yakkety *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-armadaxp Ubuntu precise *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-6.5 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/bionic *
Linux-aws-fips Ubuntu fips/bionic *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-6.5 Ubuntu upstream *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/bionic *
Linux-azure-fips Ubuntu fips/bionic *
Linux-dell300x Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-fips Ubuntu fips-updates/bionic *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/bionic *
Linux-fips Ubuntu fips/xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu vivid/stable-phone-overlay *
Linux-flo Ubuntu wily *
Linux-flo Ubuntu xenial *
Linux-flo Ubuntu yakkety *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu bionic *
Linux-gcp-4.15 Ubuntu esm-infra/bionic *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-6.5 Ubuntu upstream *
Linux-gcp-fips Ubuntu fips-updates/bionic *
Linux-gcp-fips Ubuntu fips/bionic *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu focal *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu focal *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu wily *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu yakkety *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu upstream *
Linux-ibm Ubuntu kinetic *
Linux-ibm Ubuntu lunar *
Linux-ibm Ubuntu mantic *
Linux-intel-5.13 Ubuntu upstream *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu xenial *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-vexpress Ubuntu precise *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lts-quantal Ubuntu precise *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-raring Ubuntu precise *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-saucy Ubuntu precise *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-trusty Ubuntu precise *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu trusty/esm *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu trusty/esm *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu vivid/stable-phone-overlay *
Linux-mako Ubuntu wily *
Linux-mako Ubuntu xenial *
Linux-mako Ubuntu yakkety *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu wily *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-oem Ubuntu upstream *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.14 Ubuntu focal *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu jammy *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-6.5 Ubuntu upstream *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.8 Ubuntu upstream *
Linux-oracle-6.5 Ubuntu upstream *
Linux-qcm-msm Ubuntu precise *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu vivid/ubuntu-core *
Linux-raspi2 Ubuntu wily *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2 Ubuntu yakkety *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu upstream *
Linux-snapdragon Ubuntu artful *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-snapdragon Ubuntu yakkety *
Linux-snapdragon Ubuntu zesty *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu upstream *
Linux-starfive-6.5 Ubuntu upstream *
Linux-ti-omap4 Ubuntu precise *

Potential Mitigations

References