ubuntu overlays privesc vulnerability
Security Research

Ubuntu OverlayFS Local Privesc Vulnerability

The CVE-2021-3493 is an Ubuntu-specific issue in the overlayfs file system in the Linux kernel where there is a lack of proper validation of the application file system capabilities to user namespaces. A local attacker could use this to gain elevated privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs mounts.

Key Pointers:
  • Understanding important key points used throughout the paper
  • The severity and scope of impact of this vulnerability
  • Learning about the mitigations for different Ubuntu versions
  • Setting up the lab environment and demonstrating the exploitation method

Brands that
trust our competence

Explore more
kfc logo
discover logo
adp logo
adbed bath beyond logo
expedia logo
chipotle logo
molina
Mosaic Insurance logo
dell logo
fannie-mae logo
 maersk logo
 gsk logo
 wiz logo
 bt logo