The vulnerability is tracked as CVE-2021-3493 and it’s related to the OverlayFS file system implementation in the Linux kernel. It allows an unprivileged local user to gain root privileges.
CVE-2021-3493 has been exploited in the wild by a stealthy Linux malware named Shikitega, which researchers at AT&T Alien Labs detailed in early September. Shikitega is designed to target endpoints and IoT devices running Linux, allowing the attacker to gain full control of the system. It has also been used to download a cryptocurrency miner onto the infected device.
