A flaw was found in the Linux kernel. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640)

Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels. (CVE-2023-32629)

References:
https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html (CVE-2023-2640)
https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html (CVE-2023-32629)
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2229735]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-2640 https://access.redhat.com/security/cve/cve-2023-32629
Fedora is not impacted by this bug.