Vulnerability Details CVE-2023-2640
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.92
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 7.8
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html
- https://ubuntu.com/security/notices/USN-6250-1
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html
- https://ubuntu.com/security/notices/USN-6250-1
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability
Products affected by CVE-2023-2640
-
cpe:2.3:o:canonical:ubuntu_linux:23.04