Bug 2229734 (CVE-2023-2640, CVE-2023-32629) - CVE-2023-2640 CVE-2023-32629 kernel: overlayfs: In Ubuntu skip permission checking for trusted.overlayfs.* xattrs
Summary: CVE-2023-2640 CVE-2023-32629 kernel: overlayfs: In Ubuntu skip permission che...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-2640, CVE-2023-32629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2229735
Blocks: 2229723
TreeView+ depends on / blocked
 
Reported: 2023-08-07 13:12 UTC by Alex
Modified: 2023-08-07 22:25 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux Kernel where the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. This flaw allows a local attacker to gain elevated privileges due to skipped permission in checking for trusted.overlayfs.* xattrs (CVE-2023-2640). There is a similar local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data due to skipped permission checks when calling ovl_do_setxattr on Ubuntu kernels (CVE-2023-32629).
Clone Of:
Environment:
Last Closed: 2023-08-07 19:01:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Alex 2023-08-07 13:12:16 UTC 
A flaw in the Linux Kernel found. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640)
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels. (CVE-2023-32629)

References:
https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html (CVE-2023-2640)
https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html (CVE-2023-32629)
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
Comment 1 Alex 2023-08-07 13:12:44 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2229735]
Comment 3 Product Security DevOps Team 2023-08-07 19:01:18 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-2640
https://access.redhat.com/security/cve/cve-2023-32629
Comment 4 Justin M. Forbes 2023-08-07 22:25:39 UTC 
Fedora is not impacted by this bug.
Note You need to log in before you can comment on or make changes to this bug.