CVE-2023-2640

Advisory lineage Upstream: 0 Downstream: 9

Downstream

UBUNTU-CVE-2023-2640 USN-6248-1 USN-6260-1 USN-6285-1 USN-8255-1 USN-8255-2

Modified

Published: 26 Jul 2023, 01:59

Last modified:23 Oct 2024, 14:59

Vulnerability Summary

Overall Risk (default)

high

60/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

92.39% CRITICAL

92% probability +0.65%

KEV

Not listed

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

26 Jul 2023, 01:59

Published

Vulnerability first disclosed

23 Oct 2024, 14:59

Last Modified

Vulnerability information updated

Description

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 92.39%• Percentile: 100%

Techniques & Countermeasures

CWE-863•Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Systems

canonical•ubuntu_linux
23.04