Bypassing Filesystem Restrictions via Crafted Clone System Call
CVE-2013-1956 · LOW Severity
AV:L/AC:L/AU:N/C:N/I:P/A:N
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.