[PATCH 0/1][C/D] CVE-2018-6559 - Filename information disclosure in overlayfs

Tyler Hicks tyhicks at canonical.com
Fri Oct 19 16:44:52 UTC 2018


 The overlayfs implementation in the linux (aka Linux kernel) package in Ubuntu
 did not properly check permissions for read operations on directories in the
 lower filesystem directory, which allows local users to obtain names of files
 in which they would not normally be able to access by performing an overlayfs
 mount inside of a user namespace.

I've tested this change with a QRT regression test that I wrote as well as the


This issue is related to a portion of CVE-2015-1328 that was reintroduced into
the Ubuntu kernel. This bug comment describes the situation:


As mentioned above, I wrote a QRT test for this issue so that we don't
accidentally drop our SAUCE patch in the future.


More information about the kernel-team mailing list