cvelist | Redhat | CVELIST:CVE-2023-0386
History: Mar 22, 2023 - 12:00 a.m.

CVE-2023-0386

2023-03-22 00:00:00
CWE-282
redhat
www.cve.org
8
linux kernel
unauthorized access
setuid file
overlayfs subsystem
uid mapping bug
local user
privilege escalation

AI Score: 7.8 (Confidence: High)

EPSS: 0.002 (Percentile: 61.0%)

A flaw was found in the Linux kernel’s OverlayFS subsystem: when a user copies a capable file from a nosuid mount into another mount, unauthorized access to the execution of the setuid file with capabilities is possible. This uid mapping bug allows a local user to escalate their privileges on the system.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Kernel",
    "versions": [
      {
        "version": "Linux kernel 6.2-rc6",
        "status": "affected"
      }
    ]
  }
]