CVE 2016-2853
The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
Related bugs and status
CVE-2016-2853 (Candidate) is related to these bugs:
Bug #1547400: CVE-2016-2853
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1547400 | CVE-2016-2853 | linux (Ubuntu) | Low | Confirmed | ||
1547400 | CVE-2016-2853 | linux-lts-trusty (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-armadaxp (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-xenial (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-wily (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-goldfish (Ubuntu) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-saucy (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-quantal (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-raspi2 (Ubuntu) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-vivid (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux (Ubuntu Precise) | Low | Won't Fix | ||
1547400 | CVE-2016-2853 | linux-armadaxp (Ubuntu Precise) | Low | Won't Fix | ||
1547400 | CVE-2016-2853 | linux-goldfish (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-quantal (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-saucy (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-trusty (Ubuntu Precise) | Low | Won't Fix | ||
1547400 | CVE-2016-2853 | linux-lts-vivid (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-wily (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-xenial (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-raspi2 (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux (Ubuntu Trusty) | Low | New | ||
1547400 | CVE-2016-2853 | linux-armadaxp (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-goldfish (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-quantal (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-saucy (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-trusty (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-vivid (Ubuntu Trusty) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-wily (Ubuntu Trusty) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-xenial (Ubuntu Trusty) | Low | New | ||
1547400 | CVE-2016-2853 | linux-raspi2 (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux (Ubuntu Wily) | Low | New | ||
1547400 | CVE-2016-2853 | linux-armadaxp (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-goldfish (Ubuntu Wily) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-quantal (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-saucy (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-trusty (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-vivid (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-wily (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-xenial (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-raspi2 (Ubuntu Wily) | Low | New | ||
1547400 | CVE-2016-2853 | linux (Ubuntu Xenial) | Low | Confirmed | ||
1547400 | CVE-2016-2853 | linux-armadaxp (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-goldfish (Ubuntu Xenial) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-quantal (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-saucy (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-trusty (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-vivid (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-wily (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-xenial (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-raspi2 (Ubuntu Xenial) | Low | New | ||
1547400 | CVE-2016-2853 | linux-mako (Ubuntu) | Low | New | ||
1547400 | CVE-2016-2853 | linux-mako (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-mako (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-mako (Ubuntu Wily) | Low | New | ||
1547400 | CVE-2016-2853 | linux-mako (Ubuntu Xenial) | Low | New | ||
1547400 | CVE-2016-2853 | linux-ti-omap4 (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-ti-omap4 (Ubuntu Precise) | Low | Won't Fix | ||
1547400 | CVE-2016-2853 | linux-ti-omap4 (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-ti-omap4 (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-ti-omap4 (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-utopic (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-utopic (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-utopic (Ubuntu Trusty) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-utopic (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-utopic (Ubuntu Xenial) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-flo (Ubuntu) | Low | New | ||
1547400 | CVE-2016-2853 | linux-flo (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-flo (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-flo (Ubuntu Wily) | Low | New | ||
1547400 | CVE-2016-2853 | linux-flo (Ubuntu Xenial) | Low | New | ||
1547400 | CVE-2016-2853 | linux-lts-raring (Ubuntu) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-raring (Ubuntu Precise) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-raring (Ubuntu Trusty) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-raring (Ubuntu Wily) | Low | Invalid | ||
1547400 | CVE-2016-2853 | linux-lts-raring (Ubuntu Xenial) | Low | Invalid |
See the
CVE page on Mitre.org
for more details.