module
2021 Ubuntu Overlayfs LPE
| Disclosed |
|---|
| Apr 12, 2021 |
Disclosed
Apr 12, 2021
Description
This module exploits a vulnerability in Ubuntu's implementation of overlayfs. The
vulnerability is the result of failing to verify the ability of a user to set the
attributes in a running executable. Specifically, when Overlayfs sends the set attributes
data to the underlying file system via `vfs_setxattr`, it fails to first verify the data
by calling `cap_convert_nscap`.
This vulnerability was patched by moving the call to `cap_convert_nscap`
into the `vfs_setxattr` function that sets the attribute, forcing verification every time the
`vfs_setxattr` is called rather than trusting the data was already verified.
vulnerability is the result of failing to verify the ability of a user to set the
attributes in a running executable. Specifically, when Overlayfs sends the set attributes
data to the underlying file system via `vfs_setxattr`, it fails to first verify the data
by calling `cap_convert_nscap`.
This vulnerability was patched by moving the call to `cap_convert_nscap`
into the `vfs_setxattr` function that sets the attribute, forcing verification every time the
`vfs_setxattr` is called rather than trusting the data was already verified.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.