Home / Vulnerabilities / CVE-2021-3493
HIGH SEVERITY
CVE-2021-3493Linux · Kernel

Linux Kernel Privilege Escalation Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
8.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

77.19 %
Predictive Probability
Percentile Rank
99.0 th

Documented as more likely to be exploited than 99.0% of known CVEs.

Detection Date

Oct 20, 2022

Remediation Due

Nov 10, 2022

CISA Catalog Active

Threat Analysis

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2021-3493