Back to bug 2159505
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Alex | 2023-01-09 19:50:46 UTC | CC | security-response-team | |
| Alex | 2023-01-11 17:52:16 UTC | Comment | 0 | updated |
| Alex | 2023-01-11 17:53:11 UTC | Comment | 0 | updated |
| Alex | 2023-01-11 17:53:25 UTC | Doc Type | --- | If docs needed, set a value |
| Alex | 2023-01-11 17:54:25 UTC | Priority | medium | high |
| Alex | 2023-01-11 17:54:25 UTC | Severity | medium | high |
| Alex | 2023-01-18 15:38:46 UTC | Summary | EMBARGOED kernel: FUSE filesystem low-privileged user privileges escalation | EMBARGOED CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation |
| Alex | 2023-01-18 15:38:46 UTC | Alias | CVE-2023-0386 | |
| Alex | 2023-01-29 14:18:29 UTC | CC | acaringi, bhu, chwhite, ddepaula, debarbos, dfreiber, dhoward, dvlasenk, ezulian, fhrbata, hkrzesin, jarod, jburrell, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, lgoncalv, lleshchi, lzampier, nmurray, ptalbert, qzhao, rogbas, rvrbovsk, scweaver, swood, tyberry, vkumar, walters, williams | |
| Alex | 2023-01-29 14:43:12 UTC | Doc Text | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. This is an uid mapping bug. A local user could use this flaw to escalate their privileges on the system. |
| Alex | 2023-01-29 14:50:04 UTC | Depends On | 2165343, 2165344, 2165345, 2165339, 2165353, 2165350, 2165340, 2165341, 2165347, 2165354, 2165348, 2165351, 2165337, 2165346, 2165349, 2165342, 2165338, 2165352 | |
| Alex | 2023-01-29 14:53:42 UTC | CC | arachman, jpoimboe, lveyde, michal.skrivanek, mperina, rhandlin, sbonazzo, ycote | |
| Alex | 2023-01-29 15:04:30 UTC | Depends On | 2165356 | |
| Alex | 2023-01-29 15:05:46 UTC | Depends On | 2165357 | |
| Alex | 2023-01-29 15:06:42 UTC | Depends On | 2165358 | |
| Alex | 2023-01-29 15:08:40 UTC | Depends On | 2165360 | |
| Alex | 2023-01-29 15:09:10 UTC | Depends On | 2165359 | |
| Alex | 2023-01-29 15:12:08 UTC | Depends On | 2165362 | |
| Alex | 2023-01-29 15:12:46 UTC | Depends On | 2165361 | |
| Alex | 2023-01-29 15:14:23 UTC | Depends On | 2165368 | |
| Alex | 2023-01-30 11:39:29 UTC | Comment | 0 | updated |
| RaTasha Tillery-Smith | 2023-01-30 14:13:34 UTC | Doc Text | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. This is an uid mapping bug. A local user could use this flaw to escalate their privileges on the system. | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. |
| Joe Lawrence | 2023-02-08 13:45:27 UTC | CC | dbohanno | |
| Joe Lawrence | 2023-03-14 17:04:40 UTC | CC | rysulliv | |
| Alex | 2023-03-22 08:41:20 UTC | CC | allarkin, jdenham, kernel-mgr, kpatch-maint, ldoskova, rrobaina, wcosta, wmealing | |
| Alex | 2023-03-22 08:41:20 UTC | Group | security, qe_staff | |
| Alex | 2023-03-22 08:41:20 UTC | Summary | EMBARGOED CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation | CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation |
| Alex | 2023-03-22 08:41:52 UTC | Depends On | 2180765 | |
| Alex | 2023-03-22 13:27:30 UTC | Fixed In Version | Linux kernel 6.2-rc6 | |
| Red Hat Bugzilla | 2023-04-01 08:42:27 UTC | CC | dhoward | |
| errata-xmlrpc | 2023-04-04 06:53:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:1554 | |
| errata-xmlrpc | 2023-04-04 09:05:18 UTC | Link ID | Red Hat Product Errata RHSA-2023:1584 | |
| errata-xmlrpc | 2023-04-04 09:21:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:1566 | |
| errata-xmlrpc | 2023-04-05 13:43:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:1660 | |
| errata-xmlrpc | 2023-04-05 14:05:49 UTC | Link ID | Red Hat Product Errata RHSA-2023:1659 | |
| errata-xmlrpc | 2023-04-10 01:30:26 UTC | Link ID | Red Hat Product Errata RHSA-2023:1677 | |
| errata-xmlrpc | 2023-04-10 13:34:40 UTC | Link ID | Red Hat Product Errata RHSA-2023:1681 | |
| errata-xmlrpc | 2023-04-11 14:24:03 UTC | Link ID | Red Hat Product Errata RHSA-2023:1691 | |
| errata-xmlrpc | 2023-04-11 14:26:11 UTC | Link ID | Red Hat Product Errata RHSA-2023:1703 | |
| errata-xmlrpc | 2023-04-13 14:44:48 UTC | Flags | needinfo?(allarkin) | |
| errata-xmlrpc | 2023-04-13 14:44:48 UTC | Link ID | Red Hat Product Errata RHBA-2023:1777 | |
| Joe Lawrence | 2023-04-14 13:23:11 UTC | Flags | needinfo?(allarkin) | |
| errata-xmlrpc | 2023-04-25 10:21:18 UTC | Link ID | Red Hat Product Errata RHSA-2023:1980 | |
| errata-xmlrpc | 2023-04-25 10:22:35 UTC | Link ID | Red Hat Product Errata RHSA-2023:1984 | |
| errata-xmlrpc | 2023-04-25 10:24:53 UTC | Link ID | Red Hat Product Errata RHSA-2023:1970 | |
| Kazu Yoshida | 2023-04-26 23:25:21 UTC | CC | kyoshida | |
| Flos Qi Guo | 2023-05-07 05:26:36 UTC | CC | qguo | |
| Francois Andrieu | 2023-05-11 07:26:35 UTC | CC | fandrieu | |
| Kazu Yoshida | 2023-05-17 06:35:01 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2023-05-17 11:40:24 UTC | Flags | needinfo?(security-response-team) | needinfo?(allarkin) |
| Alex | 2023-05-18 08:41:15 UTC | Flags | needinfo?(allarkin) | |
| Red Hat Bugzilla | 2023-07-07 08:33:26 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-07-07 08:33:26 UTC | CC | security-response-team | |