CVE-2021-3493

Advisory lineage Upstream: 0 Downstream: 6
Analyzed
Published: 17 Apr 2021, 04:20
Last modified:21 Oct 2025, 23:25

Vulnerability Summary

Overall Risk (default)
high
61/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
79.71% CRITICAL
80% probability +2.94%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected

Timeline

17 Apr 2021, 04:20
Published
Vulnerability first disclosed
20 Oct 2022, 00:00
Added to CISA KEV
Linux Kernel Privilege Escalation Vulnerability
10 Nov 2022, 00:00
CISA Remediation Due
Apply updates per vendor instructions.
21 Oct 2025, 23:25
Last Modified
Vulnerability information updated

Description

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 79.71% Percentile: 99%

Techniques & Countermeasures

  • CWE-863Incorrect Authorization

    The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

  • CWE-270Privilege Context Switching Error

    The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Affected Systems

  • canonicalubuntu_linux

    < 18.04 | ≥ 18.04.1, < 20.04 | < 20.10

  • ubuntulinux_kernel

    ≥ 5.8 kernel, < 5.8.0-50.56 | ≥ 5.4 kernel, < 5.4.0-72.80 | ≥ 4.15 kernel, < 4.15.0-142.146 | ≥ 4.4 kernel, < 4.4.0-209.241

References (7)