The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: file reading via Overlayfs Unprivileged User Namespaces

Synthesis of the vulnerability 

A local attacker can read a file via Overlayfs Unprivileged User Namespaces of the Linux kernel, in order to obtain sensitive information.
Impacted systems: Linux, Ubuntu.
Severity of this alert: 1/4.
Creation date: 13/10/2020.
References of this alert: CERTFR-2020-AVI-637, CVE-2020-16120, USN-4576-1, USN-4577-1, USN-4578-1, VIGILANCE-VUL-33551.

Description of the vulnerability 

A local attacker can read a file via Overlayfs Unprivileged User Namespaces of the Linux kernel, in order to obtain sensitive information.

This vulnerability impacts software or systems such as Linux, Ubuntu.

Our Vigil@nce team determined that the severity of this security announcement is low.

The trust level is "confirmed by the editor", and the origin is a user shell.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Linux kernel: patch for Overlayfs Unprivileged User Namespaces.
A patch is available:
  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=48bd024b8a40d73ad6b086de2615738da0c7004f
  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=56230d956739b9cb1cbde439d76227d77979a04d
  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=05acefb4872dae89e772729efb194af754c877e8
  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=130fdbc3d1f9966dd4230709c30f3768bccd3065
  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=292f902a40c11f043a5ca1305a114da0e523eaa3

Ubuntu 18.04: new linux-image-5.3.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-5.3.0-68-generic 5.3.0-68.63

Ubuntu: new linux-image-4.15.0 packages.
New packages are available:
  Ubuntu 14.04 ESM: linux-image-azure 4.15.0.1098.74
  Ubuntu 16.04 LTS: linux-image-generic-hwe-16.04 4.15.0.120.121
  Ubuntu 18.04 LTS: linux-image-generic 4.15.0.121.108

Ubuntu: new linux-image-5.4.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-generic-hwe-18.04 5.4.0.51.56~18.04.45
  Ubuntu 20.04 LTS: linux-image-generic 5.4.0.51.54
