7.8 CVE-2023-2640

Patch Exploit
 

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
https://nvd.nist.gov/vuln/detail/CVE-2023-2640

Categories

CWE-863

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
https://wiz.io/blog/ubuntu-overlayfs-vulnerability


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry