← Back to CVE List

CVE-2019-15793

Published: 2020-04-24T00:15Z
Last Modified: 2024-11-21T04:29Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt