Privilege Escalation Vulnerability in Linux Kernel’s OverlayFS System
CVE-2023-0386
What is CVE-2023-0386?
CVE-2023-0386 is a privilege escalation vulnerability identified in the Linux kernel's OverlayFS subsystem. This component plays a critical role in managing file systems by allowing users to create a layered file system, which can significantly enhance flexibility and efficiency in file management, especially in containerized environments. The vulnerability arises from a flaw that enables unauthorized access when a user copies a setuid file that carries file capabilities from a nosuid mount to another mount. Specifically, this uid mapping issue can allow a local user to escalate their privileges, potentially granting them access to sensitive system resources and functionality that should remain restricted.
By exploiting this vulnerability, an attacker could gain administrative-level privileges on affected systems, thereby compromising the integrity of the operating environment. This could lead to further attacks, such as the installation of malicious software or unauthorized data access, which could severely disrupt operations and undermine system security.
Potential Impact of CVE-2023-0386
- Privilege Escalation: This vulnerability allows local users to gain elevated privileges, which can enable them to execute unauthorized actions and access restricted files or system features.
- System Compromise: By attaining elevated access rights, a malicious actor could potentially install malware, create backdoors, or conduct other harmful activities that jeopardize the system's integrity and security.
- Data Breach and Loss: Unauthorized access to critical system resources may lead to data breaches, exposing sensitive information and resulting in compliance issues, financial losses, and damage to the organization's reputation.
CISA has reported CVE-2023-0386
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-0386 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Linux kernel: 6.2-rc6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA: CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.
- CISA warns of attackers exploiting Linux flaw with PoC exploit: CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges.
- CISA Warns Of CVE-2023-0386 Linux Kernel Exploitation: CISA adds CVE-2023-0386, a Linux Kernel privilege escalation flaw in OverlayFS, to its Known Exploited Vulnerabilities catalog.
EPSS Score: 50% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰 Used in Ransomware
- 🦅 CISA Reported
- 📰 First article discovered by yitian.ir
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved