CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Published: May 2, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1576
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_touch	15.04	15.04.x
canonical / ubuntu_linux	16.10	16.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_core	15.04	15.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
linux / linux_kernel	-	4.5.2.x

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html
http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
http://www.openwall.com/lists/oss-security/2016/02/24/8
http://www.openwall.com/lists/oss-security/2021/10/18/1
https://bugs.launchpad.net/bugs/1535150
https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch
https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch

Vulnerability Database

289,784

CVE-2016-1576