Update unprivileged_userns_restriction

unprivileged_userns_restriction.md

@@ -14,6 +14,22 @@ This has lead to many real world CVEs. Examples (to pick a few):
 * [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636): to exploit, need to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace.
 * [CVE-2020-14386](https://nvd.nist.gov/vuln/detail/CVE-2020-14386): to exploit, need to interact with `AF_PACKET`, granted by `CAP_NET_RAW` in a new user namespace.
 
+* [CVE-2020-16120](https://nvd.nist.gov/vuln/detail/CVE-2020-16120): to exploit, needs to be able to mount fuse overlay and shiftfs.
+* [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001): [see write-up](https://www.synacktiv.com/en/publications/old-bug-shallow-bug-exploiting-ubuntu-at-pwn2own-vancouver-2023)
+* [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250): to exploit, needs to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace.
+
+
+TODO: add full pwn2own 2017, 2020, 2021, 2022, 2023, 2024
+---
+
+
+
+
+
+
+---
+
+
 In a report from google [44% of the exploits](https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html) they saw required unprivileged user namespaces.
 
 Because of this several distro kernels carry a patch that allows for a [sysctl to disable unprivileged user namespaces](https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction#disabling-unprivileged-user-namespaces) as a mitigation. Unfortunately the sysctl is all or nothing, disabling unprivileged user namespaces might stop an exploit but also can break applications that use them. Generally an exploit targets a specific application, and as long as unprivileged user namespaces can be disabled for those applications there is no need to disable them for the entire system.