CVE-2020-16120
Description
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (ovl: stack file ops). This was fixed in kernel version 5.8 by commits 56230d9 (ovl: verify permissions in ovl_path_open()), 48bd024 (ovl: switch to mounter creds in readdir) and 05acefb (ovl: check permission to open real file). Additionally, commits 130fdbc (ovl: pass correct flags for opening real directory) and 292f902 (ovl: call secutiry hook in ovl_real_ioctl()) in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (ovl: do not fail because of O_NOATIMEi) in kernel 5.11.
Risk Information
Base Score
4.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.047
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-4576-1) linux-image-aws_5.4.0.1028.13_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-aws_5.4.0.1028.29_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-gcp_5.4.0.1028.16_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-gcp_5.4.0.1028.36_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-gke_5.4.0.1028.36_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-kvm_5.4.0.1026.24_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-oem_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-azure_5.4.0.1031.13_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-azure_5.4.0.1031.29_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-oracle_5.4.0.1028.12_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-oracle_5.4.0.1028.25_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-generic_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-virtual_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-oem-osp1_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-lowlatency_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1026-kvm_5.4.0-1026.27_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-aws_5.4.0-1028.29_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-aws_5.4.0-1028.29~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-gcp_5.4.0-1028.29_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-gcp_5.4.0-1028.29~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1031-azure_5.4.0-1031.32_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1031-azure_5.4.0-1031.32~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-generic_5.4.0-51.56_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-generic_5.4.0-51.56~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-generic_5.4.0-51.56~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-oracle_5.4.0-1028.29_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-1028-oracle_5.4.0-1028.29~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-generic-hwe-18.04_5.4.0.51.56~18.04.45_i386.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-generic-hwe-18.04_5.4.0.51.56~18.04.45_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-generic-hwe-20.04_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-virtual-hwe-18.04_5.4.0.51.56~18.04.45_i386.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-virtual-hwe-18.04_5.4.0.51.56~18.04.45_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-virtual-hwe-20.04_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-lowlatency_5.4.0-51.56_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-lowlatency_5.4.0-51.56~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-5.4.0-51-lowlatency_5.4.0-51.56~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-lowlatency-hwe-18.04_5.4.0.51.56~18.04.45_i386.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-lowlatency-hwe-18.04_5.4.0.51.56~18.04.45_amd64.deb | Linux |
| Linux kernel (USN-4576-1) linux-image-lowlatency-hwe-20.04_5.4.0.51.54_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-gcp_4.15.0.1086.87_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-gke_4.15.0.1072.76_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-gke_4.15.0.1086.87_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-kvm_4.15.0.1077.73_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-oem_4.15.0.120.121_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-oem_4.15.0.1099.103_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-azure_4.15.0.1098.92_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-oracle_4.15.0.1056.46_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-aws-hwe_4.15.0.1085.81_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-generic_4.15.0.121.108_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-generic_4.15.0.121.108_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-virtual_4.15.0.121.108_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-virtual_4.15.0.121.108_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-gke-4.15_4.15.0.1072.76_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-lowlatency_4.15.0.121.108_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-lowlatency_4.15.0.121.108_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-aws-lts-18.04_4.15.0.1086.88_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-gcp-lts-18.04_4.15.0.1086.104_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1072-gke_4.15.0-1072.76_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1077-kvm_4.15.0-1077.79_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1085-aws_4.15.0-1085.90~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1086-aws_4.15.0-1086.91_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1086-gcp_4.15.0-1086.98_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1086-gcp_4.15.0-1086.98~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1099-oem_4.15.0-1099.109_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-azure-lts-18.04_4.15.0.1099.72_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-oracle-lts-18.04_4.15.0.1057.67_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1098-azure_4.15.0-1098.109~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1099-azure_4.15.0-1099.110_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-generic-hwe-16.04_4.15.0.120.121_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-generic-hwe-16.04_4.15.0.120.121_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-virtual-hwe-16.04_4.15.0.120.121_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-virtual-hwe-16.04_4.15.0.120.121_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1056-oracle_4.15.0-1056.61~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-1057-oracle_4.15.0-1057.62_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-120-generic_4.15.0-120.122~16.04.1_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-120-generic_4.15.0-120.122~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-121-generic_4.15.0-121.123_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-121-generic_4.15.0-121.123_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-lowlatency-hwe-16.04_4.15.0.120.121_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-lowlatency-hwe-16.04_4.15.0.120.121_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-120-lowlatency_4.15.0-120.122~16.04.1_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-120-lowlatency_4.15.0-120.122~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-121-lowlatency_4.15.0-121.123_i386.deb | Linux |
| Linux kernel (USN-4578-1) linux-image-4.15.0-121-lowlatency_4.15.0-121.123_amd64.deb | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-base-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-base-debuginfo-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-debuginfo-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-debugsource-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-devel-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-devel-azure-4.12.14-16.34.1.noarch.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-source-azure-4.12.14-16.34.1.noarch.rpm | Linux |
| SUSE-SU-2020:3281-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-syms-azure-4.12.14-16.34.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-debuginfo-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debuginfo-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debugsource-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-debuginfo-4.12.14-122.51.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-devel-4.12.14-122.51.2.noarch.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-macros-4.12.14-122.51.2.noarch.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-source-4.12.14-122.51.2.noarch.rpm | Linux |
| SUSE-SU-2020:3326-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-syms-4.12.14-122.51.2.x86_64.rpm | Linux |
| Kernel-uek update (ELSA-2021-9085) kernel-uek-5.4.17-2036.104.4.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug update (ELSA-2021-9085) kernel-uek-debug-5.4.17-2036.104.4.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug-devel update (ELSA-2021-9085) kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.x86_64.rpm | Linux |
| Kernel-uek-devel update (ELSA-2021-9085) kernel-uek-devel-5.4.17-2036.104.4.el8uek.x86_64.rpm | Linux |
| Kernel-uek-doc update (ELSA-2021-9085) kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm | Linux |
| Kernel-uek update (ELSA-2021-9140) kernel-uek-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug update (ELSA-2021-9140) kernel-uek-debug-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug-devel update (ELSA-2021-9140) kernel-uek-debug-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-devel update (ELSA-2021-9140) kernel-uek-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-doc update (ELSA-2021-9140) kernel-uek-doc-5.4.17-2102.200.13.el8uek.noarch.rpm | Linux |
| Kernel-uek-container update (ELSA-2021-9141) kernel-uek-container-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
| Kernel-uek-container-debug update (ELSA-2021-9141) kernel-uek-container-debug-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234