CVE-2023-2640
CVSS V2 None
CVSS V3 None
Description
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Overview
- CVE ID
- CVE-2023-2640
- Assigner
- canonical
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-26T01:59:23.543Z
- Last Modified Date
- 2023-07-26T01:59:23.543Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://ubuntu.com/security/notices/USN-6250-1 | vendor-advisory |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 | issue-tracking |
| https://wiz.io/blog/ubuntu-overlayfs-vulnerability | technical-description |
| https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html | mailing-list |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2640 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 21:52:47 | Added to TrackCVE |