CVE 2016-2854
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
Related bugs and status
CVE-2016-2854 (Candidate) is related to these bugs:
Bug #1554262: CVE-2016-2854
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1554262 | CVE-2016-2854 | linux (Ubuntu) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux (Ubuntu Xenial) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu Xenial) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux (Ubuntu Wily) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu Wily) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux (Ubuntu Vivid) | Low | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux (Ubuntu Trusty) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux (Ubuntu Precise) | Low | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-raspi2 (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-ti-omap4 (Ubuntu Precise) | Low | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu Precise) | Low | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-trusty (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu Precise) | Low | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-armadaxp (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu Trusty) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu Vivid) | Undecided | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-xenial (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu Trusty) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu Vivid) | Undecided | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-wily (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu Wily) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-goldfish (Ubuntu Xenial) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-saucy (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-quantal (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu Trusty) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu Wily) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-vivid (Ubuntu Xenial) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu Trusty) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu Wily) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-mako (Ubuntu Xenial) | Low | New | ||
| 1554262 | CVE-2016-2854 | linux-lts-utopic (Ubuntu) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-utopic (Ubuntu Precise) | Low | Invalid | ||
| 1554262 | CVE-2016-2854 | linux-lts-utopic (Ubuntu Trusty) | Low | New | ||
See the 
CVE page on Mitre.org
for more details.
