Updated: 2023-12-06
CWE: Insertion of Sensitive Information into Externally-Accessible File or Directory
Description:
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
CVSS3: 8.8
| OS | Vendor version | Errata |
|---|---|---|
| Ubuntu 18.04 HWE | 5.0.0-35.38~18.04.1 | USN-4184-1 |
| Ubuntu 18.04 GCP | 5.0.0-1025.26~18.04.1 | USN-4184-1 |
| Ubuntu 18.04 Azure | 5.0.0-1025.27~18.04.1 | USN-4184-1 |
| OS | Original kernel version | State |
|---|---|---|
| Ubuntu 18.04 HWE | |
Ready For Release |
| Ubuntu 18.04 GCP |
5.0.0-1020.20~18.04.1
show all
hide all
5.0.0-1021.21~18.04.1
|
Released |
| Proxmox VE 6 |
5.0.18-1-pve_5.0.18-3
show all
hide all
5.0.21-1-pve_5.0.21-2
5.0.15-1-pve_5.0.15-1
5.0.12-1-pve_5.0.12-1
5.0.18-1-pve_5.0.18-2
5.0.21-2-pve_5.0.21-3
5.0.21-3-pve_5.0.21-7
5.0.8-2-pve_5.0.8-2
5.0.18-1-pve_5.0.18-1
5.0.21-1-pve_5.0.21-1
5.0.21-2-pve_5.0.21-6
5.0.8-1-pve_5.0.8-1
5.0.21-2-pve_5.0.21-4
|
Released |
| Ubuntu 18.04 Azure |
5.0.0-1020.21~18.04.1
show all
hide all
5.0.0-1022.23~18.04.1
5.0.0-1018.19~18.04.1
5.0.0-1023.24~18.04.1
5.0.0-1016.17~18.04.1
5.0.0-1019.20~18.04.1
5.0.0-1021.22~18.04.1
5.0.0-1014.14~18.04.1
|
Released |
| Debian 9 backports | |
Ready For Release |