UBUNTU-CVE-2021-3493

Advisory lineage Upstream: 1 Downstream: 4
Upstream
CVE-2021-3493
Published: 15 Apr 2021, 17:00
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Apr 2021, 17:00
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntulinux

    < 4.4.0-209.241 | < 4.15.0-142.146 | < 5.4.0-72.80

  • ubuntulinux-aws

    < 4.4.0-1091.95 | < 4.4.0-1127.141 | < 4.15.0-1099.106 | < 5.4.0-1045.47

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.4

    < 5.4.0-1045.47~18.04.1

  • ubuntulinux-aws-fips

    < 4.15.0-2042.44 | all | < 5.4.0-1069.73+fips2

  • ubuntulinux-aws-hwe

    < 4.15.0-1099.106~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1113.126~14.04.1 | < 4.15.0-1113.126~16.04.1 | all | < 5.4.0-1046.48

  • ubuntulinux-azure-4.15

    < 4.15.0-1113.126

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.4

    < 5.4.0-1046.48~18.04.1

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fips

    < 4.15.0-2025.28 | all | < 5.4.0-1073.76+fips1

  • ubuntulinux-bluefield

    all

  • ubuntulinux-dell300x

    < 4.15.0-1017.21

  • ubuntulinux-fips

    < 4.4.0-1061.67 | all | < 4.15.0-1058.66

  • ubuntulinux-gcp

    < 4.15.0-1098.111~16.04.1 | all | < 5.4.0-1042.45

  • ubuntulinux-gcp-4.15

    < 4.15.0-1098.111

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.4

    < 5.4.0-1042.45~18.04.1

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gcp-fips

    all | < 5.4.0-1067.71~20.04.1

  • ubuntulinux-gke

    < 5.4.0-1042.44

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.3

    < 5.3.0-1042.45

  • ubuntulinux-gke-5.4

    < 5.4.0-1042.44~18.04.1

  • ubuntulinux-gkeop

    < 5.4.0-1014.15

  • ubuntulinux-gkeop-5.4

    < 5.4.0-1014.15~18.04.1

  • ubuntulinux-hwe

    < 4.15.0-142.146~16.04.1 | < 5.3.0-73.69

  • ubuntulinux-hwe-5.4

    < 5.4.0-72.80~18.04.1

  • ubuntulinux-hwe-5.8

    < 5.8.0-50.56~20.04.1

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-intel-iot-realtime

    all

  • ubuntulinux-kvm

    < 4.4.0-1092.101 | < 4.15.0-1090.92 | < 5.4.0-1038.39

  • ubuntulinux-lts-xenial

    < 4.4.0-209.241~14.04.1

  • ubuntulinux-nvidia

    all

  • ubuntulinux-oem

    all

  • ubuntulinux-oem-5.10

    < 5.10.0-1022.23

  • ubuntulinux-oem-5.6

    < 5.6.0-1054.58

  • ubuntulinux-oracle

    < 4.15.0-1070.78~16.04.1 | < 4.15.0-1070.78 | < 5.4.0-1043.46

  • ubuntulinux-oracle-5.0

    all

  • ubuntulinux-oracle-5.3

    all

  • ubuntulinux-oracle-5.4

    < 5.4.0-1043.46~18.04.1

  • ubuntulinux-raspi

    < 5.4.0-1034.37

  • ubuntulinux-raspi-5.4

    < 5.4.0-1034.37~18.04.1

  • ubuntulinux-raspi-realtime

    all

  • ubuntulinux-raspi2

    < 4.4.0-1151.162 | < 4.15.0-1084.89 | all

  • ubuntulinux-raspi2-5.3

    < 5.3.0-1039.41

  • ubuntulinux-realtime

    all

  • ubuntulinux-riscv

    all

Showing first 50 affected entries in server-rendered view.

References (7)