CVE-2021-3493 - Linux Kernel Privilege Escalation Vulnerability

Linux | Kernel

• Date Added:
• 2022-10-20

• Due Date:
• 2022-11-10

Vulnerability Name

Linux Kernel Privilege Escalation Vulnerability

Description

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52; https://nvd.nist.gov/vuln/detail/CVE-2021-3493

Latest Security News

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Credential Theft Becomes Cybercriminals' Favorite Target

Ferret Malware Added to 'Contagious Interview' Campaign

Zyxel won’t patch newly exploited flaws in end-of-life routers

Google Play, Apple App Store apps caught stealing crypto wallets

Cybercriminals Court Traitorous Insiders via Ransom Notes

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Common Alerts

MediumSession ID in URL Rewrite

MediumMultiple X-Frame-Options Header Entries

HighRemote OS Command Injection

InformationalASP.NET ViewState Disclosure

HighAdvanced SQL Injection

InformationalInformation Disclosure - JWT in Browser sessionStorage

MediumParameter Tampering

InformationalInformation Disclosure - Sensitive Information in URL

HighRemote Code Execution - Shell Shock

MediumDirectory Browsing

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-284 Improper Access Control

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts