{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2640", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2023-05-10T21:23:35.226Z", "datePublished": "2023-07-26T01:59:23.543Z", "dateUpdated": "2024-10-23T14:59:17.779Z"}, "containers": {"cna": {"affected": [{"vendor": "Canonical", "product": "Ubuntu Kernel", "platforms": ["Linux"], "packageName": "Linux", "versions": [{"status": "unaffected", "version": "0", "lessThan": "6.2.0-26.26", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "6.0.0-1020.20", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "5.4.0-155.172", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks."}], "workarounds": [{"lang": "en", "value": "If not needed, disable the ability for unprivileged users\nto create namespaces. To do this temporarily, do:\n sudo sysctl -w kernel.unprivileged_userns_clone=0\nTo disable across reboots, do:\n echo kernel.unprivileged_userns_clone=0 | \\\n sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf"}], "datePublic": "2023-06-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vendor-advisory"], "url": "https://ubuntu.com/security/notices/USN-6250-1"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"}, {"tags": ["technical-description"], "url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"}, {"tags": ["mailing-list"], "url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"}], "credits": [{"lang": "en", "type": "finder", "value": "Stonejiajia"}, {"lang": "en", "type": "finder", "value": "Shir Tamari"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-07-26T01:59:23.543Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.894Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-6250-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"}, {"tags": ["technical-description", "x_transferred"], "url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"}, {"tags": ["mailing-list", "x_transferred"], "url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"}]}, {"affected": [{"vendor": "canonical", "product": "ubantu_kernel", "cpes": ["cpe:2.3:o:canonical:ubantu_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "6.2.0-26.26", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "6.0.0-1020.20", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "5.4.0-155.172", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:57:20.015297Z", "id": "CVE-2023-2640", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:59:17.779Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ubuntu.com/security/notices/USN-6250-1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability", "tags": ["technical-description", "x_transferred"]}, {"url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.894Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:57:20.015297Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:canonical:ubantu_kernel:*:*:*:*:*:*:*:*"], "vendor": "canonical", "product": "ubantu_kernel", "versions": [{"status": "affected", "version": "0", "lessThan": "6.2.0-26.26", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "6.0.0-1020.20", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "5.4.0-155.172", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:59:02.163Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Stonejiajia"}, {"lang": "en", "type": "finder", "value": "Shir Tamari"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canonical", "product": "Ubuntu Kernel", "versions": [{"status": "unaffected", "version": "0", "lessThan": "6.2.0-26.26", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "6.0.0-1020.20", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "5.4.0-155.172", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "Linux", "defaultStatus": "unaffected"}], "datePublic": "2023-06-06T00:00:00.000Z", "references": [{"url": "https://ubuntu.com/security/notices/USN-6250-1", "tags": ["vendor-advisory"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640", "tags": ["issue-tracking"]}, {"url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability", "tags": ["technical-description"]}, {"url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html", "tags": ["mailing-list"]}], "workarounds": [{"lang": "en", "value": "If not needed, disable the ability for unprivileged users\nto create namespaces. To do this temporarily, do:\n sudo sysctl -w kernel.unprivileged_userns_clone=0\nTo disable across reboots, do:\n echo kernel.unprivileged_userns_clone=0 | \\\n sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf"}], "descriptions": [{"lang": "en", "value": "On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-07-26T01:59:23.543Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2640", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:59:17.779Z", "dateReserved": "2023-05-10T21:23:35.226Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2023-07-26T01:59:23.543Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", "matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks."}], "id": "CVE-2023-2640", "lastModified": "2024-11-21T07:58:59.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-26T02:15:09.300", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch"], "url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-6250-1"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-6250-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: overlayfs: In Ubuntu skip permission checking for trusted.overlayfs.* xattrs", "id": "2229734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229734"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.", "A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs.* xattrs (CVE-2023-2640). There is a similar local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data due to skipped permission checks when calling ovl_do_setxattr on Ubuntu kernels (CVE-2023-32629)."], "name": "CVE-2023-2640", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2640\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2640\nhttps://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html\nhttps://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html\nhttps://www.wiz.io/blog/ubuntu-overlayfs-vulnerability"], "threat_severity": "Important"}