CVE-2021-3493
8.8 HIGHThe overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabiliti...
Published: 2021-04-17 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-270, CWE-863
Affected products
| Vendor | Product |
|---|---|
| canonical | ubuntu_linux |
Description
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3493
- [Exploit reference]http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- [Other]http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html
- [Exploit reference]http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
- [Vendor advisory]https://ubuntu.com/security/notices/USN-4917-1
- [Other]https://www.openwall.com/lists/oss-security/2021/04/16/1
- [Exploit reference]http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- [Other]http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html
- [Exploit reference]http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
- [Vendor advisory]https://ubuntu.com/security/notices/USN-4917-1
- [Other]https://www.openwall.com/lists/oss-security/2021/04/16/1
- [Other]https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3493
Related CVEs
Same vendor
- CVE-2026-47337 — Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket ... (3.3 LOW)
- CVE-2026-47336 — Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code (3.3 LOW)
- CVE-2026-47335 — Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications (5.5 MEDIUM)
- CVE-2026-47334 — Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code (5.5 MEDIUM)
- CVE-2026-47333 — Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, l... (7.8 HIGH)
Same CWE
- CVE-2026-53860 — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
- CVE-2026-53855 — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
- CVE-2026-53854 — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
- CVE-2026-53853 — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
- CVE-2026-5149 — The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the g... (6.5 MEDIUM)