← Back to team overview

kernel-packages team mailing list archive

[Bug 1528904] Re: overlay setattr vulnerability

 

I have installed VMs with the various combinations and tried the POC as
supplied with each.  I confirm that only vivid and later are exposed by
the exploit.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1528904

Title:
  overlay setattr vulnerability

Status in linux package in Ubuntu:
  Triaged

Bug description:
  http://www.openwall.com/lists/oss-security/2015/12/23/5

  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545

  This allows unprivileged users to change attributes on root-owned
  files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1528904/+subscriptions