carnil> Additionally to the three fixing commits
carnil> 130fdbc3d1f9966dd4230709c30f3768bccd3065 ("ovl: pass correct
carnil> flags for opening real directory") and
carnil> 292f902a40c11f043a5ca1305a114da0e523eaa3 ("ovl: call secutiry
carnil> hook in ovl_real_ioctl()") might be wanted (see oss-security
carnil> post).
carnil> Only exploitable when unprivileged user namespaces are enabled.
bwh> I think it's only exploitable when unprivileged user namespace
bwh> are enabled, *and* mounting of overlayfs is permitted in all
bwh> user namespaces. This is not possible in the upstream or stable
bwh> kernels, or in a default Debian configuration, but we do provide
bwh> run-time configuration knobs to enable these.
| Branch | Status |
|---|---|
| 4.19-buster-security | needed |
| 4.19-upstream-stable | N/A "Vulnerable configuration not possible" |
| 5.10-bullseye-security | N/A "Fixed before branching point" |
| 5.10-upstream-stable | N/A "Fixed before branch point" |
| 6.1-bookworm-security | N/A "Fixed before branch point" |
| 6.1-upstream-stable | N/A "Fixed before branch point" |
| 6.6-upstream-stable | unknown |
| 6.8-upstream-stable | unknown |
| sid | released (5.8.7-1) |
| upstream | released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8] |