A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
18 Jun 2025, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h300s
Netapp h300s Firmware Netapp h410s Canonical Netapp h410c Firmware Netapp h410s Firmware Netapp h410c Debian Netapp h500s Canonical ubuntu Linux Netapp h500s Firmware Debian debian Linux Netapp Netapp h700s Netapp h700s Firmware |
|
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a - Mailing List, Patch, Vendor Advisory, Broken Link | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Mailing List, Third Party Advisory |
21 Nov 2024, 07:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html - Third Party Advisory | |
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a - Mailing List, Patch, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - | |
References | () https://security.netapp.com/advisory/ntap-20230420-0004/ - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5402 - Third Party Advisory |
27 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jun 2023, 16:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230420-0004/ - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5402 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html - Mailing List, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a - Mailing List, Patch, Vendor Advisory |
05 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Mar 2023, 22:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-22 21:15
Updated : 2025-06-18 15:00
NVD link : CVE-2023-0386
Mitre link : CVE-2023-0386
CVE.ORG link : CVE-2023-0386
JSON object : View
Products Affected
netapp
- h700s_firmware
- h410c_firmware
- h300s_firmware
- h300s
- h500s
- h410s
- h500s_firmware
- h410c
- h410s_firmware
- h700s
canonical
- ubuntu_linux
debian
- debian_linux
linux
- linux_kernel
CWE