Shiftfs Vulnerability: Double-Free and Memory Exhaustion in Ubuntu Linux Kernels

Shiftfs Vulnerability: Double-Free and Memory Exhaustion in Ubuntu Linux Kernels

CVE-2021-3492 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.