Updated: 2023-11-24

CWE: Permissions, Privileges, and Access Control


The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

CVSS3: 6.7

Vendor State

OS Vendor version Errata
CentOS 7 3.10.0-327.28.2.el7 CESA-2016:1539
RHEL 7 3.10.0-327.28.2.el7 RHSA-2016:1539
CentOS 7 plus CESA-2016:1539
Oracle Linux 7 3.10.0-327.28.2.el7 ELSA-2016-1539

KernelCare State

OS Original kernel version State
Endurance 7 eig 3.10
Ready For Release
Debian 9 backports
Will Not Fix
Debian 10 cloud
Will Not Fix
OEL 7 Dell
Ready For Release
CentOS 7
3.10.0-327.3.1.el7 show all hide all
3.10.0-229.7.2.el7 3.10.0-229.11.1.el7 3.10.0-229.el7 3.10.0-327.10.1.el7 3.10.0-229.4.2.el7 3.10.0-327.el7 3.10.0-327.22.2.el7 3.10.0-327.18.2.el7 3.10.0-229.14.1.el7 3.10.0-327.13.1.el7 3.10.0-327.4.4.el7 3.10.0-229.20.1.el7 3.10.0-229.1.2.el7 3.10.0-327.4.5.el7
3.10.0-229.el7 show all hide all
3.10.0-327.18.2.el7 3.10.0-229.14.1.el7 3.10.0-327.4.5.el7 3.10.0-327.3.1.el7 3.10.0-327.13.1.el7 3.10.0-327.4.4.el7 3.10.0-327.22.2.el7 3.10.0-229.4.2.el7 3.10.0-229.7.2.el7 3.10.0-327.10.1.el7 3.10.0-327.el7 3.10.0-229.11.1.el7 3.10.0-229.20.1.el7 3.10.0-229.1.2.el7
CloudLinux OS 7
3.10.0-329.7.2.lve1.3.50.el7 show all hide all
3.10.0-329.7.2.lve1.3.55.el7 3.10.0-329.7.2.lve1.3.58.el7 3.10.0-329.7.2.lve1.4.2.el7 3.10.0-329.7.2.lve1.4.4.el7
CentOS 7 plus show all hide all
Oracle Linux 7
3.10.0-229.7.2.el7 show all hide all
3.10.0-229.1.2.el7 3.10.0-229.4.2.el7 3.10.0-229.el7 3.10.0-327.4.5.el7 3.10.0-229.11.1.el7 3.10.0-327.18.2.el7 3.10.0-327.3.1.el7 3.10.0-327.10.1.el7 3.10.0-327.13.1.el7 3.10.0-327.4.4.el7 3.10.0-327.22.2.el7 3.10.0-229.14.1.el7 3.10.0-327.el7 3.10.0-229.20.1.el7