PT-2023-1959 · Linux · Linux Kernel

Published 2023-01-24 · Updated 2026-03-31 · CVE-2023-0386

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2

Description

A flaw in the Linux kernel's OverlayFS subsystem allows unauthorized execution of a setuid file with capabilities. The root cause is a uid mapping bug in how a user copies a capable file from a nosuid mount into another mount, and it enables a local user to escalate their privileges on the system. Exploitation requires unprivileged user namespaces to be enabled.

Recommendations

For Linux kernel versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of OverlayFS or restricting access to it until a patch is available. Additionally, disabling unprivileged user namespaces can help minimize the risk of exploitation.
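
A host check for the three conditions named in the description and recommendations above (kernel before 6.2, unprivileged user namespaces enabled, OverlayFS registered), as an added example that is not part of the original advisory. The function names, verdict strings and the choice of `/proc` paths are assumptions of this example; a distribution kernel older than 6.2 may already carry a backported fix, so a positive result still has to be confirmed against the vendor advisory under Related Identifiers.

```sh
#!/bin/sh
# Added example: local exposure check for the CVE-2023-0386 preconditions.
# Function names and verdict strings are illustrative, not from the advisory.

# Exit 0 if the upstream version in a `uname -r` string is older than 6.2,
# 1 if it is 6.2 or later, 2 if it cannot be parsed.
kernel_before_6_2() {
    ver=${1%%-*}                      # "5.15.0-60-generic" -> "5.15.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in *[!0-9.]*|.*|*.) return 2 ;; esac
    [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 2 ]; }
}

# $1: kernel.unprivileged_userns_clone (Debian/Ubuntu patch; empty if absent)
# $2: user.max_user_namespaces
# Exit 0 if unprivileged user namespaces appear to be enabled.
userns_open() {
    [ "${1:-1}" != 0 ] && [ "${2:-1}" != 0 ]
}

# Exit 0 if overlay is registered in a /proc/filesystems-format file.
# An unloaded module that can still be auto-loaded will not show up here.
overlay_registered() {
    grep -qw overlay "$1" 2>/dev/null
}

# assess RELEASE CLONE MAXNS FSFILE -> prints one verdict word
assess() {
    rc=0; kernel_before_6_2 "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo unknown-kernel-version; return 0; fi
    if [ "$rc" -eq 1 ]; then echo version-not-affected; return 0; fi
    if ! userns_open "$2" "$3"; then echo mitigated-userns-disabled; return 0; fi
    if ! overlay_registered "$4"; then echo overlay-not-registered; return 0; fi
    # Distribution kernels may carry a backported fix; check the vendor advisory.
    echo exposed-unless-backported
}

# Run against the live host.
clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || true)
maxns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || true)
assess "$(uname -r)" "$clone" "$maxns" /proc/filesystems
```
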

Exploit · Fix · LPE

Weakness Enumeration

Related Identifiers

ALSA-2023:1566
ALSA-2023:1584
ALSA-2023:1691
ALSA-2023:1703
ALSA-2023_1566
ALSA-2023_1584
ALSA-2023_1691
ALSA-2023_1703
ALSA-2023_3349
ALSA-2023_3350
ALSA-2023_3708
ALSA-2023_3723
ALSA-2023_3819
ALSA-2023_3847
ALSA-2023_5069
ALSA-2023_5091
ALSA-2023_5244
ALSA-2024_0113
ALSA-2024_10281
ALSA-2024_10282
ALSA-2024_10939
ALSA-2024_11486
ALSA-2024_1607
ALSA-2024_2394
ALSA-2024_3306
ALSA-2024_3618
ALSA-2024_3619
ALSA-2024_3627
ALSA-2024_4349
ALSA-2024_4583
ALSA-2024_4928
ALSA-2024_5363
ALSA-2024_5928
ALSA-2024_6567
ALSA-2024_6997
ALSA-2024_8617
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALSA-2025_7531
ALSA-2025_7532
ALT-PU-2023-1168
ALT-PU-2023-1169
ALT-PU-2023-1206
ALT-PU-2023-1267
ALT-PU-2023-1627
ALT-PU-2023-4894
ALT-PU-2023-7007
ALT-PU-2023-7682
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-25742
BDU:2023-01572
CESA-2023_1566
CESA-2023_1584
CESA-2023_1659
CVE-2023-0386
DLA-3446-1
DLA-3840-1
DSA-5402-1
ELSA-2023-1566
ELSA-2023-1703
LSN-0095-1
RHSA-2023:1554
RHSA-2023:1566
RHSA-2023:1584
RHSA-2023:1659
RHSA-2023:1660
RHSA-2023:1677
RHSA-2023:1681
RHSA-2023:1691
RHSA-2023:1703
RHSA-2023:1970
RHSA-2023:1980
RHSA-2023:1984
RHSA-2023_1566
RHSA-2023_1584
RHSA-2023_1691
RHSA-2023_1703
RLSA-2023:1566
RLSA-2023:1584
RLSA-2023_1566
RLSA-2023_1584
RXSA-2023:1566
SUSE-SU-2023:2140-1
SUSE-SU-2023:2141-1
SUSE-SU-2023:2231-1
SUSE-SU-2023:2368-1
SUSE-SU-2023:2369-1
SUSE-SU-2023:2371-1
SUSE-SU-2023:2384-1
SUSE-SU-2023:2425-1
SUSE-SU-2023:2428-1
SUSE-SU-2023:2431-1
SUSE-SU-2023:2443-1
SUSE-SU-2023:2455-1
SUSE-SU-2023:2459-1
SUSE-SU-2023:2468-1
SUSE-SU-2023:2809-1
SUSE-SU-2023_2140-1
SUSE-SU-2023_2141-1
SUSE-SU-2023_2231-1
SUSE-SU-2023_2809-1
USN-6025-1
USN-6040-1
USN-6043-1
USN-6057-1
USN-6071-1
USN-6072-1
USN-6134-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu