Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 462172 (CVE-2013-1858)

Summary: Kernel : CLONE_NEWUSER | CLONE_FS chroot exploit (CVE-2013-1858)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: normal CC: alexander, eric-f.garioud, kernel, kfm
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux >=3.8.0 <3.8.3] [linux >=3.9-rc1 <3.9-rc3]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-03-18 09:13:21 UTC
From $URL :

Linux kernels which support unprivileged user namespaces (CLONE_NEWUSER) and at the same time allow sharing file system information (CLONE_FS) between parent process and 
its newly clone(2)d child process in the new user namespace, are vulnerable to a privilege escalation flaw as presented by Sebastian Krahmer
in his chroot exploit [1].


An unprivileged local user could use this flaw to gain root privileges on a system.

Upstream fix:

Comment 1 Adrian Bassett 2013-03-18 10:00:18 UTC
The fix is already in 3.8.3 ...
Comment 2 Kerin Millar 2013-03-26 01:24:37 UTC
I'm defining the affected vanilla versions in the whiteboard field.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-04-11 16:59:28 UTC
CVE-2013-1858 (
  The clone system-call implementation in the Linux kernel before 3.8.3 does
  not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags,
  which allows local users to gain privileges by calling chroot and leveraging
  the sharing of the / directory between a parent process and a child process.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:08:01 UTC
Fixed in 3.8.3.