CVE-2023-2640

HIGH7.8

Public PoC

Description

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Canonical / Ubuntu Kernel0 – 6.2.0-26.26
Canonical / Ubuntu Kernel0 – 6.0.0-1020.20
Canonical / Ubuntu Kernel0 – 5.4.0-155.172

Exploits & PoCs

nucleiGameOver(lay) - Local Privilege Escalation in Ubuntu Kernelby princechaddha

References

VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6250-1
CONFIRMhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640
MISChttps://wiz.io/blog/ubuntu-overlayfs-vulnerability
MAILING_LISThttps://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html