Security Advisory

CVE-2015-1328 – overlayfs privilege escalation

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS with 3.16 kernel

Description

Philip Pettersson discovered a privilege escalation vulnerability when using overlayfs mounts inside user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

Affected Products and Versions

Severity is high unless otherwise noted.

  • Any Cloud Foundry deployment with Ubuntu Trusty BOSH stemcell prior to version 2989

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends upgrading to BOSH stemcell 2989 or later for all Cloud Foundry deployments.

Credit

Philip Pettersson

References


Cloud Foundry Foundation Security Team, AUTHOR
