High severity7.8NVD Advisory· Published May 2, 2016· Updated May 6, 2026

CVE-2016-2853

Description

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.0.0,<=3.19.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/nvdExploitThird Party Advisory
www.openwall.com/lists/oss-security/2016/02/24/9nvdExploitMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2021/10/18/1nvdMailing ListThird Party Advisory
sourceforge.net/p/aufs/mailman/message/34864744/nvdThird Party Advisory
www.securityfocus.com/bid/96839nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000