Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close


Published: 24 April 2013

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.


According to the author of the fix[1], kernels older than 3.8 simply
not enough things were converted for most people to build a kernel
with user namespaces enabled.




Package Release Status
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
oneiric Ignored
(end of life)
precise Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
quantal Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
raring Not vulnerable
saucy Not vulnerable
trusty Not vulnerable
Released (3.9~rc5)
utopic Not vulnerable
vivid Not vulnerable
wily Not vulnerable
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable
Introduced by


Fixed by 3151527ee007b73a0ebd296010f1c0454a919c7d
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
quantal Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
Released (3.9~rc5)
xenial Not vulnerable
yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Ignored
(end of life, was needed)
Released (3.9~rc5)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Ignored
yakkety Ignored
(end of life)
zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

Released (3.9~rc5)
xenial Not vulnerable
yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Ignored
(end of life, was needed)
Released (3.9~rc5)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Ignored
yakkety Ignored
(end of life)
zesty Ignored
(end of life)
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was ignored [abandoned])
Released (3.9~rc5)
utopic Ignored
(end of life)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

Released (3.9~rc5)
xenial Not vulnerable
yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

Released (3.9~rc5)
xenial Not vulnerable
yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise Not vulnerable
quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
Released (3.9~rc5)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
Released (3.9~rc5)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was ignored [abandoned])
Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Ignored
(end of life, was needed)
Released (3.9~rc5)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Ignored
yakkety Ignored
(end of life)
zesty Does not exist

Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Ignored
(end of life, was needed)
Released (3.9~rc5)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life)
oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Does not exist

saucy Does not exist

trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

Released (3.9~rc5)
vivid Does not exist

wily Not vulnerable
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

Released (3.9~rc5)
wily Does not exist

xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Ignored
(end of life)
precise Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
quantal Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
raring Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
saucy Not vulnerable
(v3.8 and older do not have sufficient conversion to be affected)
trusty Does not exist

Released (3.9~rc5)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist