VDB
CVE-2016-1576
CVE-2016-1576
PUBLISHED
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
EPSS 0.35% · 57.9th percentile
Risk Scores
EPSS Score
0.35%
57.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | linux-lts-vivid | *, 3.19.0-18.18~14.04.1, 3.19.0-20.20~14.04.1 |
| Ubuntu:14.04:LTS | linux-lts-utopic | 3.16.0-50.67~14.04.1, 3.16.0-52.71~14.04.1, 3.16.0-53.72~14.04.1 |
| Ubuntu:14.04:LTS | linux-lts-wily | 4.2.0-18.22~14.04.1, 4.2.0-19.23~14.04.1, 0 |
| Ubuntu:14.04:LTS | linux | 3.13.0-65.105, 3.13.0-66.108, 3.13.0-67.110 |
Exploit Intelligence
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 (circl)
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html (circl)
- [oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up (circl)
- [oss-security] 20160224 Overlayfs over Fuse Privilege Escalation in USERNS (circl)
- https://bugs.launchpad.net/bugs/1535150 (circl)
…and 5 more exploits
Timeline
- Feb 22, 2016 CVE Published
- Mar 29, 2017 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-1576 third-party-advisory
- http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ third-party-advisory
- https://ubuntu.com/security/notices/USN-2910-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2908-3 vendor-advisory
- https://ubuntu.com/security/notices/USN-2908-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2907-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2909-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2907-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-2908-2 vendor-advisory
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/trusty/commit/?id=ce550fb847b34553e63ee95386de59a1096fbfc4 third-party-advisory
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/trusty/commit/?id=d77014a9527a4544797b9f1f2026b8e9fe032355 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-1576 third-party-advisory