Vulnerabilities > Canonical > Ubuntu Core > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2016-1576 The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
local
low complexity
canonical linux
7.2
2016-05-02 CVE-2016-1575 Improper Privilege Management vulnerability in multiple products
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
local
low complexity
linux canonical CWE-269
7.2
2016-05-01 CVE-2015-8325 Permissions, Privileges, and Access Controls vulnerability in multiple products
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
local
low complexity
debian openbsd canonical CWE-264
7.8