← Back

CVE-2016-1575

nvd nist
Published: May 2, 2016Modified: May 6, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Affected (8)

Linux
1 product
Linux Kernel
Canonical
3 products
Ubuntu Core
Ubuntu Linux
Ubuntu Touch
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
Up to 4.5.2
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Core
Version 15.04
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 15.10
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 16.10
Ubuntu Touch
Version 15.04

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (12)

Source: security@ubuntu.com
PatchVendor Advisory
Source: security@ubuntu.com
Third Party Advisory
Source: security@ubuntu.com
ExploitThird Party Advisory
Source: security@ubuntu.com
Mailing ListThird Party Advisory
Source: security@ubuntu.com
Mailing ListThird Party Advisory
Source: security@ubuntu.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.