PT-2013-3436 · Linux · Linux Kernel
Prasad Pandit
·
Published
2013-04-05
·
Updated
2023-02-13
·
CVE-2013-1858
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 3.8.3
Description
The issue allows local users to gain privileges by exploiting a flaw in the clone system-call implementation. This is achieved by calling chroot and leveraging the sharing of the / directory between a parent process and a child process when a combination of the CLONE NEWUSER and CLONE FS flags is used.
Recommendations
For Linux kernel versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel