Upstream information

CVE-2013-1956 at MITRE

Description

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:N/I:P/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Note from the SUSE Security Team

This problem only affected Linux kernel 3.8 and was not backported to older code branches. So no SUSE Linux Enterprise version was affected.

SUSE Bugzilla entries: 824997 [RESOLVED / UPSTREAM], 825001 [CLOSED / UPSTREAM]

No SUSE Security Announcements cross referenced.