The fix commit (acff81e "ovl: fix permission checking for setattr") applies cleanly to Vivid (already committed), Wily, and Xenial.
By code inspection, it appears to me that the older version of overlayfs in releases <= Utopic is not vulnerable to this exploit: their ovl_setattr() already calls a copy_up first thing, like the fix patch does.