Bug 462172 (CVE-2013-1858) - Kernel : CLONE_NEWUSER | CLONE_FS chroot exploit (CVE-2013-1858)
Alias: CVE-2013-1858
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Whiteboard: [linux >=3.8.0 <3.8.3] [linux >=3.9-r...
Reported: 2013-03-18 09:13 UTC by Agostino Sarubbo
Modified: 2022-03-25 15:08 UTC
Description Agostino Sarubbo gentoo-dev 2013-03-18 09:13:21 UTC
From $URL :

Linux kernels which support unprivileged user namespaces (CLONE_NEWUSER) and at the same time allow sharing file system information (CLONE_FS) between parent process and its newly clone(2)d child process in the new user namespace, are vulnerable to a privilege escalation flaw as presented by Sebastian Krahmer in his chroot exploit [1].


An unprivileged local user could use this flaw to gain root privileges on a system.

Upstream fix:

Comment 1 Adrian Bassett 2013-03-18 10:00:18 UTC
The fix is already in 3.8.3 ...
Comment 2 Kerin Millar 2013-03-26 01:24:37 UTC
I'm defining the affected vanilla versions in the whiteboard field.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-04-11 16:59:28 UTC
CVE-2013-1858:
  The clone system-call implementation in the Linux kernel before 3.8.3 does
  not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags,
  which allows local users to gain privileges by calling chroot and leveraging
  the sharing of the / directory between a parent process and a child process.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:08:01 UTC
Fixed in 3.8.3.
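
A detection sketch for the flag combination this bug describes, added here as an example and not part of the bug report: it scans auditd SYSCALL records for clone(2) calls whose flags argument carries both CLONE_NEWUSER and CLONE_FS. It assumes x86_64 records (clone is syscall 56, flags in a0) produced by an audit rule on clone; the function names and the sample records are constructed for illustration.

```python
import re

CLONE_FS = 0x00000200       # <linux/sched.h>
CLONE_NEWUSER = 0x10000000  # <linux/sched.h>
BOTH = CLONE_NEWUSER | CLONE_FS

# Assumption: x86_64 auditd records, where clone(2) is syscall 56.
ARCH, SYS_CLONE = "c000003e", "56"
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records, not taken from a real system.
SAMPLE = [
    'type=SYSCALL msg=audit(1363597200.101:41): arch=c000003e syscall=56 success=yes exit=4102 a0=1200011 a1=0 ppid=4000 pid=4101 uid=1000 exe="/bin/bash"',
    'type=SYSCALL msg=audit(1363597201.220:42): arch=c000003e syscall=56 success=yes exit=4111 a0=3d0f00 a1=7f10 ppid=4000 pid=4110 uid=1000 exe="/usr/bin/python"',
    'type=SYSCALL msg=audit(1363597202.307:43): arch=c000003e syscall=56 success=yes exit=4121 a0=10000011 a1=0 ppid=4000 pid=4120 uid=1000 exe="/usr/bin/sandbox"',
    'type=SYSCALL msg=audit(1363597203.415:44): arch=c000003e syscall=56 success=yes exit=4131 a0=10000211 a1=0 ppid=4000 pid=4130 uid=1000 exe="/tmp/a.out"',
    'type=SYSCALL msg=audit(1363597204.500:45): arch=c000003e syscall=59 success=yes exit=0 a0=10000211 a1=0 ppid=4000 pid=4140 uid=1000 exe="/bin/ls"',
    'type=SYSCALL msg=audit(1363597205.612:46): arch=c000003e syscall=56 success=no exit=-22 a0=10000211 a1=0 ppid=4000 pid=4150 uid=1000 exe="/tmp/a.out"',
]

def parse_record(line):
    """Split one audit record into a dict of key -> value (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def find_suspect_clones(lines):
    """Return (pid, uid, exe, succeeded) for clone calls with both flags set."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL":
            continue
        if rec.get("arch") != ARCH or rec.get("syscall") != SYS_CLONE:
            continue
        try:
            flags = int(rec["a0"], 16)  # auditd prints arguments as bare hex
            pid, uid = int(rec["pid"]), int(rec["uid"])
        except (KeyError, ValueError):
            continue  # truncated or malformed record
        if (flags & BOTH) == BOTH:
            ok = rec.get("success") == "yes"
            hits.append((pid, uid, rec.get("exe", "?"), ok))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_clones(SAMPLE):
        print("clone(CLONE_NEWUSER|CLONE_FS): pid=%d uid=%d exe=%s succeeded=%s" % hit)
```

A hit with succeeded=False is an attempt the kernel refused; a hit with succeeded=True from a non-root uid on a kernel in the affected range is the case worth investigating.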