Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.04.3:*:*:*:lts:*:*:*
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity
CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Published: April 17, 2021; 1:15:14 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Published: April 17, 2021; 1:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH