QSearchQSearch

CVE-2021-3493

8.8 HIGH

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabiliti...

Published: 2021-04-17 · Last updated: 2026-06-17

Severity and scoring

CVSS
8.8 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
CWE-270, CWE-863

Affected products

VendorProduct
canonicalubuntu_linux

Description

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-47337 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket ... (3.3 LOW)
  • CVE-2026-47336 Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code (3.3 LOW)
  • CVE-2026-47335 Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications (5.5 MEDIUM)
  • CVE-2026-47334 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code (5.5 MEDIUM)
  • CVE-2026-47333 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, l... (7.8 HIGH)

Same CWE

  • CVE-2026-53860 OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
  • CVE-2026-53855 OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
  • CVE-2026-53854 OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
  • CVE-2026-53853 OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
  • CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the g... (6.5 MEDIUM)