Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2016-2853

Improper Privilege Management

Published: May 02, 2016 | Modified: Apr 12, 2025
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
Ubuntu
LOW
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-2853
CWEhttps://cwe.mitre.org/data/definitions/269.html

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 3.0.0 (including) 3.19.8 (including)
Linux_kernel Linux 4.0.0 (including) 4.20.15 (including)
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu precise *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu vivid/ubuntu-core *
Linux Ubuntu wily *
Linux Ubuntu xenial *
Linux Ubuntu yakkety *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-armadaxp Ubuntu precise *
Linux-aws Ubuntu esm-infra-legacy/trusty *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-6.5 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/bionic *
Linux-aws-fips Ubuntu fips/bionic *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-6.5 Ubuntu upstream *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/bionic *
Linux-azure-fips Ubuntu fips/bionic *
Linux-dell300x Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-fips Ubuntu fips-updates/bionic *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/bionic *
Linux-fips Ubuntu fips/xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu vivid/stable-phone-overlay *
Linux-flo Ubuntu wily *
Linux-flo Ubuntu xenial *
Linux-flo Ubuntu yakkety *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu bionic *
Linux-gcp-4.15 Ubuntu esm-infra/bionic *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-6.5 Ubuntu upstream *
Linux-gcp-fips Ubuntu fips-updates/bionic *
Linux-gcp-fips Ubuntu fips/bionic *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu esm-infra/focal *
Linux-gke-5.15 Ubuntu focal *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu esm-infra/focal *
Linux-gkeop-5.15 Ubuntu focal *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu wily *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu yakkety *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu upstream *
Linux-ibm Ubuntu kinetic *
Linux-ibm Ubuntu lunar *
Linux-ibm Ubuntu mantic *
Linux-ibm-5.15 Ubuntu esm-infra/focal *
Linux-ibm-5.15 Ubuntu focal *
Linux-intel-5.13 Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu jammy *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu xenial *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-vexpress Ubuntu precise *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lts-quantal Ubuntu precise *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-raring Ubuntu precise *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-saucy Ubuntu precise *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-trusty Ubuntu precise *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu trusty/esm *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu trusty/esm *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu esm-infra-legacy/trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu vivid/stable-phone-overlay *
Linux-mako Ubuntu wily *
Linux-mako Ubuntu xenial *
Linux-mako Ubuntu yakkety *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu wily *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-nvidia-tegra-5.15 Ubuntu esm-infra/focal *
Linux-nvidia-tegra-5.15 Ubuntu focal *
Linux-oem Ubuntu upstream *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.14 Ubuntu esm-infra/focal *
Linux-oem-5.14 Ubuntu focal *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu jammy *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-6.5 Ubuntu upstream *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.8 Ubuntu upstream *
Linux-oracle-6.5 Ubuntu upstream *
Linux-qcm-msm Ubuntu precise *
Linux-raspi-realtime Ubuntu noble *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu vivid/ubuntu-core *
Linux-raspi2 Ubuntu wily *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2 Ubuntu yakkety *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu noble *
Linux-realtime Ubuntu oracular *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu upstream *
Linux-snapdragon Ubuntu artful *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-snapdragon Ubuntu yakkety *
Linux-snapdragon Ubuntu zesty *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu upstream *
Linux-starfive-6.5 Ubuntu upstream *
Linux-ti-omap4 Ubuntu precise *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use