Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
47eca111b5e14e6a83d4d3e3e108c3c0f4bb558525426c43eb0ea1c7acf76544