CVE-2023-0386
CVE-2023-0386
Theory
The overlay file system (often abbreviated as OverlayFS) allows a user to "merge" several mount points into a unified file system.
CVE-2023-0386 lies in the fact that when the kernel copied a file from the overlay file system to the "upper" directory, it did not check if the user/group owning this file was mapped in the current user namespace. This allows an unprivileged user to smuggle an SUID binary from a "lower" directory to the "upper" directory, by using OverlayFS as an intermediary.
Practice
The target system is likely to be vulnerable if it has a kernel version lower than 6.2.
#Get Kernel version
$ uname -r
5.15.70-051570-generic
References
Last updated
Was this helpful?