Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3493 PoC — Linux kernel 安全漏洞

Source
https://github.com/puckiestyle/CVE-2021-3493
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2021-3493)
Description:The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Readme
# CVE-2021-3493
Ubuntu OverlayFS Local Privesc

## Affected Versions

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

## Usage

- ```gcc exploit.c -o exploit```
- ```./exploit```

## Description

"Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs mounts." [- Ubuntu Security](https://ubuntu.com/security/CVE-2021-3493)

Fixed in Linux 5.11

## References
- https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/
- https://ubuntu.com/security/CVE-2021-3493
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
- https://www.openwall.com/lists/oss-security/2021/04/16/1

## Disclaimer
I am not the author of this exploit. I have not made any modifications to the PoC found here: https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/.
File Snapshot

 [4.0K]  /data/pocs/109348def71bba371abf8b93d57d4f960a03ccd5
├── [3.5K]  exploit.c
└── [1.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →