CVE-2021-3732 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure25 documents7 sources

Severity

5.5MEDIUMNVD

OSV8.7OSV6.5OSV5.9

EPSS

0.0%

top 93.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc CM1 Kernel 5.10.102.1-3 ON CBL Mariner 1.0

Timeline

PublishedMar 10

Latest updateApr 12

Description

A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDlinux/linux_kernel< 5.14+1

▶Debianlinux/linux_kernel< 5.10.46-5+3

▶Ubuntulinux/linux_kernel< 4.15.0-159.167+2

▶CVEListV5linux/linux_kernelAffects kernel before v5.13.11, Fixed in v5.14-rc6 and later.

▶debiandebian/linux< linux 5.14.6-1 (bookworm)

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux, linux-kvm, linux-lts-xenial vulnerabilities↗2023-04-12

▶

OSV

linux-aws vulnerabilities↗2023-04-06

▶

GHSA

GHSA-wc3f-5p43-3cxx: A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with Overlay↗2022-03-11

▶

OSV

CVE-2021-3732: A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS↗2022-03-10

▶

OSV

linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-↗2021-10-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-06

▶

Microsoft

▶

Ubuntu

Linux kernel vulnerabilities↗2021-10-22

▶