An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.
https://bugs.chromium.org/p/project-zero/issues/detail?id=2011
Source: MITRE
Published: 2020-11-28
Updated: 2020-12-02
Type: CWE-22
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact Score: 4
Exploitability Score: 2
Severity: MEDIUM
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
145320 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-60) | Nessus | SuSE Local Security Checks | high |
145025 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1) | Nessus | SuSE Local Security Checks | high |
144959 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1) | Nessus | SuSE Local Security Checks | high |