CVE-2020-16120 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	Giuseppe Scrivano discovered that overlayfs did not properly perform permission checking when copying up files in an overlayfs, and can be exploited from within a user namespace, if, for example, unprivileged user namespaces are allowed. An attacker can abuse this to get read access to files on the system that they would not normally be permitted to access.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1242	linux	5.7.12.arch1-1	5.8.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2020/10/13/6

Notes
Mitigation on systems where unprivileged user namespaces are enabled but not needed is to set the kernel.unprivileged_userns_clone sysctl to 0. e.g.: $ sudo sysctl kernel.unprivileged_userns_clone=0 and across reboots by adding a file in /etc/sysctl.d/ that contains: kernel.unprivileged_userns_clone=0

Notes

Mitigation on systems where unprivileged user namespaces are enabled
but not needed is to set the kernel.unprivileged_userns_clone sysctl
to 0. e.g.:

  $ sudo sysctl kernel.unprivileged_userns_clone=0

and across reboots by adding a file in /etc/sysctl.d/ that contains:

  kernel.unprivileged_userns_clone=0