CVE-2020-16120 — Incorrect Privilege Assignment in Kernel
Severity
NVD: 4.4 MEDIUM
CNA: 5.1
EPSS
0.0%
top 85.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 10
Latest update: May 24
Description
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl:…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04
Patches
Vulnerability Details (4)
GHSA
GHSA-q6jw-34cj-733v: Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, (2022-05-24)
OSV
CVE-2020-16120: Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, (2021-02-10)
OSV
linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3 vulnerabilities (2020-10-14)
Vendor Advisories (7)
Community (1)
Bugzilla
CVE-2020-16120 kernel: incorrect unprivileged overlayfs permission checking may lead to information disclosure (2020-10-08)