VDB

DEBIAN-CVE-2021-3493

DEBIAN-CVE-2021-3493 PUBLISHED CVSS 7.800000190734863 HIGH

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14linux0, 0, 0
Debian:12linux0, 0, 0
Debian:13linux0, 0, 0
Debian:11linux0, 0, 0

Timeline

  • Apr 17, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›