Vulnerabilities > CVE-2023-32629 - Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html
- https://wiz.io/blog/ubuntu-overlayfs-vulnerability
- https://ubuntu.com/security/notices/USN-6250-1
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html