GCVE - cpe:2.3:a:ubuntu:linux_kernel:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ubuntu:linux_kernel:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ubuntu (`54779f98-997b-58ec-a561-52dfa4086aae`)
Product	Linux Kernel (`63c1ae56-9cb0-5d7f-9df0-84fa1912dbf0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3493`	vulnerable	2026-06-03 14:45:11.508136	Details available HIGH (8.8) The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. Published: 2021-04-17T04:20:16.706Z Updated: 2025-10-21T23:25:48.908Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-4917-1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52 https://www.openwall.com/lists/oss-security/2021/04/16/1 http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3492`	vulnerable	2026-06-03 14:45:11.505013	Ubuntu linux kernel shiftfs file system double free vulnerability HIGH (8.8) Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Published: 2021-04-17T04:20:16.011Z Updated: 2024-09-17T03:54:52.527Z Open on db.gcve.eu Reference links https://www.openwall.com/lists/oss-security/2021/04/16/2 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333 https://ubuntu.com/security/notices/USN-4917-1 https://www.zerodayinitiative.com/advisories/ZDI-21-422/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-15794`	vulnerable	2026-06-03 14:39:48.259937	Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs HIGH (7.1) Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. Published: 2020-04-23T23:55:25.039Z Updated: 2024-09-16T19:52:18.313Z Open on db.gcve.eu Reference links https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3 https://usn.ubuntu.com/usn/usn-4208-1 https://usn.ubuntu.com/usn/usn-4209-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.