Back to bug 2229734
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Alex | 2023-08-07 13:12:37 UTC | Depends On | 2229735 | |
| Alex | 2023-08-07 13:16:45 UTC | Doc Text | A flaw in the Linux Kernel found. The OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges, because skipped permission checking for trusted.overlayfs.* xattrs (CVE-2023-2640). Similar local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data, because skipped permission checks when calling ovl_do_setxattr on Ubuntu kernels (CVE-2023-32629). | |
| RaTasha Tillery-Smith | 2023-08-07 16:56:17 UTC | Doc Text | A flaw in the Linux Kernel found. The OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges, because skipped permission checking for trusted.overlayfs.* xattrs (CVE-2023-2640). Similar local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data, because skipped permission checks when calling ovl_do_setxattr on Ubuntu kernels (CVE-2023-32629). | A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs.* xattrs (CVE-2023-2640). There is a similar local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data due to skipped permission checks when calling ovl_do_setxattr on Ubuntu kernels (CVE-2023-32629). |
| Product Security DevOps Team | 2023-08-07 19:01:21 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2023-08-07 19:01:21 UTC |
Back to bug 2229734