In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

In the Linux kernel, the following vulnerability has been resolved: c ...

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.

Уязвимость функции clone_private_mnt() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность и доступность защищамой информации

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)

Security update for the Linux Kernel (Live Patch 71 for SLE 12 SP5)

Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)

Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP7)

Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)

Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)