PT-2023-4062 · Canonical+2 · Ubuntu+2

Sagi Tzadik

Published

2023-06-06

Updated

2026-06-16

CVE-2023-32629

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ubuntu kernels (affected versions not specified)

Description The issue is related to a local privilege escalation vulnerability in Ubuntu kernels, specifically in the overlayfs ovl copy up meta inode data function, which skips permission checks when calling ovl do setxattr. This allows an attacker to execute arbitrary code or cause a denial of service. The vulnerability has been exploited in real-world incidents to achieve easy root access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALSA-2025_16880

BDU:2023-04360

CVE-2023-32629

LSN-0097-1

USN-6248-1

USN-6250-1

USN-6251-1

USN-6260-1

USN-6261-1

USN-6285-1

USN-8255-1

USN-8255-2

USN-8255-3

USN-8275-1

USN-8297-1

USN-8439-1

Affected Products

Astra Linux

Linuxmint

Ubuntu

PT-2023-4062 · Canonical+2 · Ubuntu+2

CVE-2023-32629

Weakness Enumeration

Related Identifiers

Affected Products

References · 187