CVE-2023-32629
Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 26 Jul 2023, 01:59
Last modified: 13 Feb 2025, 16:54
Vulnerability Summary
Overall Risk (default): high (56/100)
CVSS Score: 7.8 HIGH, v3.1 (cve.org)
EPSS Score: 72.53% CRITICAL (73% probability, +9.69%)
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected
Timeline
26 Jul 2023, 01:59: Published (vulnerability first disclosed)
13 Feb 2025, 16:54: Last Modified (vulnerability information updated)
Description
Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 72.53% • Percentile: 99%
Techniques & Countermeasures
- CWE-863 • Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Affected Systems
- canonical • ubuntu_linux 23.04
References (5)
- https://ubuntu.com/security/notices/USN-6250-1
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html