PT-2020-5180 · Linux+4 · Linux Kernel+4
Giuseppe Scrivano
·
Published
2020-06-02
·
Updated
2023-05-17
·
CVE-2020-16120
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 4.19 through 5.7
Description
The issue is related to a lack of proper permission checking in overlayfs, allowing an unprivileged user to copy files to a mountpoint they control, potentially accessing files not readable by them. This could be exploited within a user namespace if unprivileged user namespaces are allowed. The problem was introduced in kernel version 4.19 and fixed in kernel version 5.8. There is no estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.
Recommendations
For Linux kernel versions 4.19 through 5.7, update to kernel version 5.8 or later to resolve the issue.
As a temporary workaround, consider restricting the use of overlayfs within user namespaces until a patch is available.
Avoid using removable devices as mountpoints controlled by unprivileged users in affected kernel versions.
At the moment, there is no additional information about other mitigation measures.
Fix
Incorrect Privilege Assignment
Information Disclosure
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu