CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.0004 Low (Percentile: 5.2%)

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs
ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
Author | Note |
---|---|
eslerm | CWE-863 reported by Shir Tamari and Sagi Tzadik from Wiz Research |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-155.172 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-26.26 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1106.114 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1008.8 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-5.19 | < 5.19.0-1029.30~22.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1106.114~18.04.1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1008.8~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1112.118 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1008.8 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1112.118~18.04.1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-32629
lists.ubuntu.com/archives/kernel-team/2023-July/140920.html
nvd.nist.gov/vuln/detail/CVE-2023-32629
security-tracker.debian.org/tracker/CVE-2023-32629
ubuntu.com/security/notices/USN-6248-1
ubuntu.com/security/notices/USN-6250-1
ubuntu.com/security/notices/USN-6251-1
ubuntu.com/security/notices/USN-6260-1
ubuntu.com/security/notices/USN-6261-1
ubuntu.com/security/notices/USN-6285-1
wiz.io/blog/ubuntu-overlayfs-vulnerability
www.cve.org/CVERecord?id=CVE-2023-32629