UBUNTU-CVE-2023-2640

Details

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

Affected Packages(204 packages)

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux

Ubuntu 22.04 LTS

Fixed in:

5.13.0-19.19

linux

Ubuntu 24.10

Fixed in:

6.8.0-31.31

linux

Ubuntu 14.04 LTS

Fixed in:

3.11.0-12.19

linux

Ubuntu 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.18

Fixed in:

4.4.0-2.16

linux

Ubuntu 24.04 LTS

Fixed in:

6.5.0-9.9

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux-aws

Ubuntu 20.04 LTS

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.11

Fixed in:

5.4.0-1005.5

linux-aws

Ubuntu 22.04 LTS

Fixed in:

5.13.0-1005.6

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1001.10

References

REPORThttps://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html REPORThttps://ubuntu.com/security/CVE-2023-2640 REPORThttps://ubuntu.com/security/notices/USN-6248-1 REPORThttps://ubuntu.com/security/notices/USN-6250-1 REPORThttps://ubuntu.com/security/notices/USN-6260-1 REPORThttps://ubuntu.com/security/notices/USN-6285-1 REPORThttps://wiz.io/blog/ubuntu-overlayfs-vulnerability REPORThttps://www.cve.org/CVERecord?id=CVE-2023-2640

UBUNTU-CVE-2023-2640

Details

Affected Packages(204 packages)

References

CVSS Analysis

Related

Ecosystems(29)

Timeline