PT-2023-4062 · Canonical+2 · Ubuntu+2

Sagi Tzadik

Publicado

2023-06-06

Atualizado

2026-06-16

CVE-2023-32629

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ubuntu kernels (affected versions not specified)

Description The issue is related to a local privilege escalation vulnerability in Ubuntu kernels, specifically in the overlayfs ovl copy up meta inode data function, which skips permission checks when calling ovl do setxattr. This allows an attacker to execute arbitrary code or cause a denial of service. The vulnerability has been exploited in real-world incidents to achieve easy root access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

ALSA-2025_16880

BDU:2023-04360

CVE-2023-32629

LSN-0097-1

USN-6248-1

USN-6250-1

USN-6251-1

USN-6260-1

USN-6261-1

USN-6285-1

USN-8255-1

USN-8255-2

USN-8255-3

USN-8275-1

USN-8297-1

USN-8439-1

Produtos afetados

Astra Linux

Linuxmint

Ubuntu

PT-2023-4062 · Canonical+2 · Ubuntu+2

CVE-2023-32629

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 187