Bug 1112680 - (CVE-2018-6559) VUL-1: CVE-2018-6559: kernel-source: overlayfs implementation does not properly check permissions for read operations on directories in the lower filesystem directory
(CVE-2018-6559)
VUL-1: CVE-2018-6559: kernel-source: overlayfs implementation does not proper...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/217741/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-22 07:32 UTC by Karol Babioch
Modified: 2018-10-26 14:20 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-10-22 07:32:50 UTC
CVE-2018-6559

The overlayfs implementation in the linux (aka Linux kernel) package in Ubuntu
did not properly check permissions for read operations on directories in the
lower filesystem directory, which allows local users to obtain names of files
in which they would not normally be able to access by performing an overlayfs
mount inside of a user namespace.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6559
Comment 1 Goldwyn Rodrigues 2018-10-25 19:07:34 UTC
This is specific to ubuntu kernels since we do not perform user namespace overlayfs mounts.
Comment 2 Karol Babioch 2018-10-26 14:20:11 UTC
Closing this, as we seem not to be affected by this.