A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html | Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html | |
https://security.netapp.com/advisory/ntap-20230420-0004/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5402 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-03-22T00:00:00
Updated: 2024-06-27T12:11:02.905345
Reserved: 2023-01-18T00:00:00
Link: CVE-2023-0386
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-22T21:15:18.090
Modified: 2024-06-27T12:15:13.477
Link: CVE-2023-0386
JSON object: View
Redhat Information
No data.
CWE