7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: …
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
References
- https://ubuntu.com/security/notices/USN-6250-1 vendor-advisory
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 issue-tracking
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability technical-description
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html mailing-list
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html mailing-list x_transferred
- https://ubuntu.com/security/notices/USN-6250-1 vendor-advisory x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 issue-tracking x_transferred
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability technical-description x_transferred
- https://ubuntu.com/security/notices/USN-6250-1 vendor-advisory
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 issue-tracking
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability technical-description
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html mailing-list
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html mailing-list x_transferred
- https://ubuntu.com/security/notices/USN-6250-1 vendor-advisory x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 issue-tracking x_transferred
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability technical-description x_transferred
Affected products
- <6.0.0-1020.20
- <5.4.0-155.172
- <6.2.0-26.26
- <6.0.0-1020.20
- <5.4.0-155.172
- <6.2.0-26.26
Matching in nixpkgs
pkgs.m33-linux
Linux program that can communicate with the Micro 3D printer
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2016-06-23
pkgs.vibrantlinux
Tool to automate managing your screen's saturation depending on what programs are running
-
nixos-unstable -
- nixpkgs-unstable 2.2.0
pkgs.perlPackages.LinuxFD
Linux specific special filehandles
-
nixos-unstable -
- nixpkgs-unstable 0.014
pkgs.perlPackages.LinuxACL
Perl extension for reading and setting Access Control Lists for files by libacl linux library
-
nixos-unstable -
- nixpkgs-unstable 0.05
pkgs.perl538Packages.LinuxFD
Linux specific special filehandles
-
nixos-unstable -
- nixpkgs-unstable 0.014
pkgs.perl540Packages.LinuxFD
Linux specific special filehandles
-
nixos-unstable -
- nixpkgs-unstable 0.014
pkgs.perl538Packages.LinuxACL
Perl extension for reading and setting Access Control Lists for files by libacl linux library
-
nixos-unstable -
- nixpkgs-unstable 0.05
pkgs.perl540Packages.LinuxACL
Perl extension for reading and setting Access Control Lists for files by libacl linux library
-
nixos-unstable -
- nixpkgs-unstable 0.05
pkgs.perlPackages.Linuxusermod
This module adds, removes and modify user and group accounts according to the passwd and shadow files syntax
-
nixos-unstable -
- nixpkgs-unstable 0.69
pkgs.perlPackages.LinuxInotify2
Scalable directory/file change notification for Perl on Linux
-
nixos-unstable -
- nixpkgs-unstable Inotify2-2.3
pkgs.perl538Packages.Linuxusermod
This module adds, removes and modify user and group accounts according to the passwd and shadow files syntax
-
nixos-unstable -
- nixpkgs-unstable 0.69
pkgs.perl540Packages.Linuxusermod
This module adds, removes and modify user and group accounts according to the passwd and shadow files syntax
-
nixos-unstable -
- nixpkgs-unstable 0.69
pkgs.perl538Packages.LinuxInotify2
Scalable directory/file change notification for Perl on Linux
-
nixos-unstable -
- nixpkgs-unstable Inotify2-2.3
pkgs.perl540Packages.LinuxInotify2
Scalable directory/file change notification for Perl on Linux
-
nixos-unstable -
- nixpkgs-unstable Inotify2-2.3
pkgs.perlPackages.LinuxDesktopFiles
Fast parsing of the Linux desktop files
-
nixos-unstable -
- nixpkgs-unstable 0.25
pkgs.perlPackages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
-
nixos-unstable -
- nixpkgs-unstable 0.23
pkgs.perl538Packages.LinuxDesktopFiles
Fast parsing of the Linux desktop files
-
nixos-unstable -
- nixpkgs-unstable 0.25
pkgs.perl538Packages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
-
nixos-unstable -
- nixpkgs-unstable 0.23
pkgs.perl540Packages.LinuxDesktopFiles
Fast parsing of the Linux desktop files
-
nixos-unstable -
- nixpkgs-unstable 0.25
pkgs.perl540Packages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
-
nixos-unstable -
- nixpkgs-unstable 0.23
Package maintainers
-
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
-
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
-
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
-
@Scrumplex Sefa Eyeoglu <contact@scrumplex.net>
-
@unclamped Maru <clear6860@tutanota.com>