CVE-2021-20321: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.
Bug 2013242 (CVE-2021-20321) - CVE-2021-20321 kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
Status: NEW
Alias: CVE-2021-20321
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Red Hat Product Security
Depends On: 2010887 2011181 2013305 2013304 2013317 2013318 2013713 2016378 2026897
Blocks: 2011920 2013544
Reported: 2021-10-12 12:36 UTC by Alex
Modified: 2021-12-21 09:42 UTC
CC List: 44 users
Fixed In Version: kernel 5.15-rc5
Doc Type: If docs needed, set a value
Doc Text: A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.
Links
System: Red Hat Product Errata; ID: RHSA-2021:5227; Private: 0; Priority: None; Status: None; Summary: None; Last Updated: 2021-12-21 09:42:47 UTC
System: Red Hat Product Errata; ID: RHSA-2021:5241; Private: 0; Priority: None; Status: None; Summary: None; Last Updated: 2021-12-21 09:30:33 UTC
Description Alex 2021-10-12 12:36:50 UTC
An attacker with a low-privileged user on a Linux machine with an overlay mount can escalate his privileges up to root when performing a rename in a specific way with this overlayfs.
Reference: a295aef603e1 ("ovl: fix missing negative dentry check in ovl_rename()")
Comment 21 errata-xmlrpc 2021-12-21 09:30:29 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:5241 https://access.redhat.com/errata/RHSA-2021:5241
Comment 22 errata-xmlrpc 2021-12-21 09:42:44 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:5227 https://access.redhat.com/errata/RHSA-2021:5227