Home

CVE-2015-8660

Description

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Risk Information

Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
63.462

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-2857-1) linux-image-3.19.0-43-generic_3.19.0-43.49_i386.debLinux
Linux kernel (USN-2857-1) linux-image-3.19.0-43-generic_3.19.0-43.49_amd64.debLinux
Linux kernel (USN-2857-1) linux-image-3.19.0-43-lowlatency_3.19.0-43.49_i386.debLinux
Linux kernel (USN-2857-1) linux-image-3.19.0-43-lowlatency_3.19.0-43.49_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2857-2) linux-image-3.19.0-43-generic_3.19.0-43.49~14.04.1_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2857-2) linux-image-3.19.0-43-generic_3.19.0-43.49~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2857-2) linux-image-3.19.0-43-lowlatency_3.19.0-43.49~14.04.1_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2857-2) linux-image-3.19.0-43-lowlatency_3.19.0-43.49~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Wily (USN-2858-2) linux-image-4.2.0-23-generic_4.2.0-23.28~14.04.1_i386.debLinux
Linux hardware enablement kernel from Wily (USN-2858-2) linux-image-4.2.0-23-generic_4.2.0-23.28~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Wily (USN-2858-2) linux-image-4.2.0-23-lowlatency_4.2.0-23.28~14.04.1_i386.debLinux
Linux hardware enablement kernel from Wily (USN-2858-2) linux-image-4.2.0-23-lowlatency_4.2.0-23.28~14.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234