vulnerability
Ubuntu: USN-4712-1: Linux kernel regression
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | 2021-01-28 | 2021-01-29 | 2025-02-19 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
2021-01-28
Added
2021-01-29
Modified
2025-02-19
Description
USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem.
We apologize for the inconvenience.
Original vulnerability details:
Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files.
Solution(s)
ubuntu-upgrade-linux-image-5-4-0-65-genericubuntu-upgrade-linux-image-5-4-0-65-generic-lpaeubuntu-upgrade-linux-image-5-4-0-65-lowlatencyubuntu-upgrade-linux-image-5-8-0-41-genericubuntu-upgrade-linux-image-5-8-0-41-generic-64kubuntu-upgrade-linux-image-5-8-0-41-generic-lpaeubuntu-upgrade-linux-image-5-8-0-41-lowlatencyubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-18-04ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.