CVE-2021-3493

CVSS 8.8 · High · KEV · EPSS 77.07% · P99

I. Basic Information for CVE-2021-3493

Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Privilege context switching error
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
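Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from the combination of unprivileged user namespaces and a patch in the Ubuntu kernel that allows unprivileged overlay mounts; an attacker can exploit it to gain elevated privileges.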
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Ubuntu | linux kernel | 5.8 kernel ~ 5.8.0-50.56 | -

II. Public POCs for CVE-2021-3493

# | POC Description | Source Link
1 | Ubuntu OverlayFS Local Privesc | https://github.com/briskets/CVE-2021-3493
2 | None | https://github.com/oneoy/CVE-2021-3493
3 | None | https://github.com/Abdennour-py/CVE-2021-3493
4 | None | https://github.com/Ishan3011/CVE-2021-3493
5 | CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered) | https://github.com/inspiringz/CVE-2021-3493
6 | CVE-2021-3493 Ubuntu vulnerability | https://github.com/derek-turing/CVE-2021-3493
7 | 2021 kernel vulnerability in Ubuntu. | https://github.com/cerodah/overlayFS-CVE-2021-3493
8 | None | https://github.com/puckiestyle/CVE-2021-3493
9 | None | https://github.com/Senz4wa/CVE-2021-3493
10 | None | https://github.com/fei9747/CVE-2021-3493
11 | Exploit For OverlayFS | https://github.com/pmihsan/OverlayFS-CVE-2021-3493
12 | None | https://github.com/smallkill/CVE-2021-3493
13 | None | https://github.com/ptkhai15/OverlayFS---CVE-2021-3493
14 | None | https://github.com/fathallah17/OverlayFS---CVE-2021-3493
15 | Exploit a 2021 Kernel vulnerability in Ubuntu to become root almost instantly! | https://github.com/fathallah17/OverlayFS-CVE-2021-3493
16 | None | https://github.com/Sornphut/OverlayFS---CVE-2021-3493
17 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Linux%20kernel%20%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E%20CVE-2021-3493.md
18 | A penetration test of Ubuntu Touch 16.04 that identified 7 vulnerabilities, including a critical kernel exploit (CVE-2021-3493) allowing root access. This report provides findings and actionable hardening recommendations. | https://github.com/spideyctf/UbuntuTouchSecurityVAPTReport
19 | root Privileges | https://github.com/cyberx-1/OverlayFS-CVE-2021-3493
20 | CVE-2021-3493 OverlayFS privilege escalation exploit framework with advanced red team features. Includes persistence mechanisms, post-exploitation modules, stealth capabilities, and comprehensive documentation. For authorized testing only. | https://github.com/George-Yanni/DeepRoot
