Vulnerabilities > CVE-2023-2640 - Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

canonical

CWE-863

NVD

Published: 2023-07-26

Updated: 2023-08-03

Summary

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

Vulnerable Configurations

Part	Description	Count
OS	Canonical Canonical Ubuntu Linux 23.04	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640
https://ubuntu.com/security/notices/USN-6250-1
https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html
https://wiz.io/blog/ubuntu-overlayfs-vulnerability