I am unable to patch the OverlayFS vulnerability (CVE-2021-3493). They said on GitHub that it is patched in the 5.11 kernel; however, I have installed multiple kernels (5.11, 5.15, 6.2, etc.) and also compiled from patched source code, but I am just unable to patch the vulnerability. Can somebody help me with this matter? Am I missing some step, or is it not patched yet?
- How do you verify that it's not patched? – vidarlo, commented Jan 4, 2024 at 11:20
- I can still exploit the vulnerability in the updated kernel and can access the root permissions without being root. – Arif Arshad, commented Jan 4, 2024 at 11:29
- "and can access the root permissions without being root" ... How exactly do you do that? – Raffa, commented Jan 4, 2024 at 11:30
- You've not provided details as to what Ubuntu product & release, however if you look at ubuntu.com/security/cves?q=CVE-2021-3493 you'll note which releases are not impacted & those which have fixed... chances are your system has been patched already (if you're using a supported release of Ubuntu). – guiverc, commented Jan 4, 2024 at 11:32
- File a bug report to Ubuntu security team. – GAD3R, commented Jan 4, 2024 at 18:03