CVE-2016-1576

Published: May 2, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Affected (8)

Products: Canonical: Ubuntu Core, Ubuntu Linux, Ubuntu Touch · Linux: Linux Kernel

3 products

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Core	Version 15.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 16.10
Canonical Ubuntu Touch	Version 15.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.5.2

References (16)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360

Source: security@ubuntu.com

Mailing ListPatchVendor Advisory

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html

Source: security@ubuntu.com

Third Party Advisory

http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/

Source: security@ubuntu.com

ExploitThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/02/24/8

Source: security@ubuntu.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/10/18/1

Source: security@ubuntu.com

Mailing ListThird Party Advisory

https://bugs.launchpad.net/bugs/1535150

Source: security@ubuntu.com

Third Party Advisory

https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch

Source: security@ubuntu.com

Mailing ListPatchThird Party Advisory

https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch

Source: security@ubuntu.com

Mailing ListPatchThird Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/02/24/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/10/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.launchpad.net/bugs/1535150

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.