CVE-2023-0386
high
KEV
CVSS v3
-
CVSS v4 NEW
-
VIR risk
10.0
Description
Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CISA KEV
- Vendor: Linux
- Product: Kernel
- Due date: 2025-07-08
Predictions
Exploit likelihood
99%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory (cisa-kev): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a ; https://access.redhat.com/security/cve/cve-2023-0386 ; https://security.netapp.com/advisory/ntap-20230420-0004/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-0386
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-debug-devel-5.14.0-162.23.1.el9_1.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.1.11-1 |
| sid | Fixed | 6.1.11-1 |
| forky | Fixed | 6.1.11-1 |
| bullseye | Fixed | 5.10.179-1 |
| bookworm | Fixed | 6.1.11-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2023:1681
- https://access.redhat.com/errata/RHSA-2023:1691
- https://access.redhat.com/errata/RHSA-2023:1703
- https://errata.rockylinux.org/RXSA-2023:1566
- https://errata.rockylinux.org/RLSA-2023:1584
- https://errata.rockylinux.org/RLSA-2023:1566
- https://www.suse.com/security/cve/CVE-2023-0386.html
- https://security-tracker.debian.org/tracker/CVE-2023-0386
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a
- https://access.redhat.com/security/cve/cve-2023-0386
- https://security.netapp.com/advisory/ntap-20230420-0004/
- https://nvd.nist.gov/vuln/detail/CVE-2023-0386
- https://bugzilla.redhat.com/2159505
- https://errata.almalinux.org/9/ALSA-2023-1703.html
- https://errata.almalinux.org/9/ALSA-2023-1691.html
- https://access.redhat.com/errata/RHSA-2023:1566
- https://bugzilla.redhat.com/2150272
- https://bugzilla.redhat.com/2152548
- https://bugzilla.redhat.com/2163379
- https://errata.almalinux.org/8/ALSA-2023-1566.html
- https://access.redhat.com/errata/RHSA-2023:1584
- https://errata.almalinux.org/8/ALSA-2023-1584.html
- https://access.redhat.com/errata/RHSA-2023:1659