AI description
CVE-2023-0386 is a flaw found in the Linux kernel's OverlayFS subsystem. It involves unauthorized access to the execution of a setuid file with capabilities. Specifically, the vulnerability lies in how a user copies a capable file from a nosuid mount into another mount. This "uid mapping bug" allows a local user to escalate their privileges on the system. The kernel fails to check if the user/group owning a file copied from the overlay file system to the 'upper' directory is mapped in the current user namespace. This can be exploited to create a SUID binary owned by root, allowing an unprivileged user to gain elevated privileges.
- Description: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
- Source: secalert@redhat.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Linux Kernel Improper Ownership Management Vulnerability
- Exploit added on: Jun 17, 2025
- Exploit action due: Jul 8, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secalert@redhat.com: CWE-282
- nvd@nist.gov: NVD-CWE-Other
🚨 Threat Alert: CVE-2023-0386 Linux Kernel OverlayFS – Privilege Escalation Vulnerability 🚨 Armis Centrix™️ for Early Warning flagged this vulnerability on June 14, 2023, providing proactive protection 734 days before CISA added it to their Known Exploited Vulnerabil
@ArmisSecurity
8 Jul 2025
CVE-2023-0386: Critical Linux vulnerability allows privilege escalation to root https://t.co/yPfV59JtSh A recent warning issued by the U.S. Cybersecurity and Infrastructure Agency (CISA) has raised alarms about a critical vulnerability in the
@laboratoriolinu
27 Jun 2025
Linux: an attacker could gain privilege escalation on the kernel via the CVE-2023-0386 flaw. ⚠️ On 17 June 2025, CISA warned of active exploitation of the vulnerability in the Linux kernel. https://t.co/BntTY7lpqI
@NicolasCoolman
22 Jun 2025
CVE-2023-0386: Critical Linux vulnerability allows privilege escalation to root https://t.co/7xNVgeaYjY
@surnoticiasperu
22 Jun 2025
New CVEs = Full Root Access on @Linux ? CVE-2025-6018 + CVE-2025-6019 allow remote users to spoof physical access, then go full root via udisks. Add CVE-2023-0386 & you’ve got a serious escalation chain. Patch now! 🔗 https://t.co/SMrpkBeJvN #CyberSecurity #Linux #C
@socradar
20 Jun 2025
CISA warns of attackers exploiting Linux flaw (CVE-2023-0386) with PoC exploit via @BleepinComputer #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/7D8I7tZLJe
@proficioinc
19 Jun 2025
CVE-2023-0386 : CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability https://t.co/gQkfhEZNEG https://t.co/xCeaCnOQjd
@freedomhack101
19 Jun 2025
🚨 CISA warns about the CVE-2023-0386 vulnerability in Linux, which allows privilege escalation to root. Federal agencies must patch before July 8. #Linux #Ciberseguridad #SISAPNews https://t.co/IgfSVkchrM
@SISAP_LATAM
19 Jun 2025
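[Privilege escalation vulnerabilities in Linux: CVE-2025-6018, CVE-2025-6019] Chaining the two vulnerabilities reportedly yields full root privileges. Separately, on the 17th the U.S. CISA, the old Linux kernel vulnerability CVE-2023-0386 (improper ownership management) to the KEV cata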
@MachinaRecord
19 Jun 2025
18/06/2025 CISA warns of active exploitation of CVE-2023-0386, a Linux kernel vulnerability (CVSS 7.8) allowing privilege escalation. Immediate patching is crucial! ⚠️ Source: https://t.co/dZqBUcPdH4
@kernyx64
19 Jun 2025
CVE-2023-0386: Critical Linux Vulnerability Exploited in the Wild #CISA #LinuxSecurity #CVE20230386 #PrivilegeEscalation #CyberSecurity #OverlayFS #KernelExploit #VulnerabilityAlert #PatchNow #InfoSec https://t.co/NIuM3hZ4fE
@cyashadotcom
18 Jun 2025
🚨 Critical #Linux Kernel Flaw Exploited: CISA Flags #CVE-2023-0386 in Active Attacks https://t.co/X6TJzcieN0
@UndercodeNews
18 Jun 2025
CISA alerts U.S. agencies about actively exploited Linux kernel flaw (CVE-2023-0386) in OverlayFS that enables privilege escalation on kernels below 6.2. Many distributions affected—patches were released in January. ⚠️ #LinuxSecurity #CVE #US https://t.co/JRGFDgqeQf
@TweetThreatNews
18 Jun 2025
🚨 CISA Issues Urgent Warning Over Exploited #Linux Kernel Vulnerability: #CVE-2023-0386 https://t.co/EZopcFTkP0
@UndercodeNews
18 Jun 2025
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible systems. It was patched in
@johndjohnson
18 Jun 2025
CISA has added CVE-2023-0386, a Linux kernel privilege escalation vulnerability (CVSS score: 7.8), to its Known Exploited Vulnerabilities catalog due to active exploitation. https://t.co/HHVe8uXpgg
@securityRSS
18 Jun 2025
Linux users: imagine your system's hidden door left wide open. CVE-2023-0386 lets attackers snag root access in popular distros. Is your setup at risk? Dive in to learn more before it’s too late. https://t.co/gcVRo1EunW
@DefendOpsHQ
18 Jun 2025
CISA warns of active exploitation of CVE-2023-0386, a critical Linux kernel privilege escalation in OverlayFS (before 6.2-rc6). Attackers can escalate privileges and run arbitrary code. Affected products include NetApp systems. 🛡️ #Linux #Vulnerabilities https://t.co/VFM7Fyi
@TweetThreatNews
18 Jun 2025
🚨 A developer pulls code from GitHub. Unknowingly triggers a trap. "Water Curse" strikes again. Meanwhile: Linux admins scramble over CVE-2023-0386, Veeam users face a 9.9 CVSS bomb, and Iran throttles internet nationwide. https://t.co/d2nepCTUMH
@mitycyber
18 Jun 2025
CVE-2023-0386: CISA warns this Linux kernel OverlayFS flaw is actively exploited. A local user can escalate privileges to root. Patch immediately. Federal agencies must update by July 8. #Linux #CVE2023 #PrivilegeEscalation #OverlayFS #CyberSecurity #PatchNow #CloneSystems htt
@CloneSystemsInc
18 Jun 2025
🚨🐧 CVE-2023-0386 (CVSS 7.8) Alert: A Linux kernel OverlayFS bug lets local users escalate privileges by copying setuid-capable files from nosuid mounts. ⚠️ Upgrade your kernel to 6.11.8+ 🔒 Read our CVE report: https://t.co/rtDLhQNDqF #Linux #Kernel #InfoSec #Cybe
@BaseFortify
18 Jun 2025
CISA alerts active exploitation of critical Linux bug CVE-2023-0386 in OverlayFS, enabling privilege escalation via SUID smuggling. Patches needed by July 8, 2025, to prevent system compromise. 🚨 #Linux #Security #US https://t.co/bD9SQFCJeP
@TweetThreatNews
18 Jun 2025
🛠️🔓 A critical Linux kernel flaw (CVE-2023-0386) is now confirmed actively exploited—granting root access via a simple trick. CISA just added it to the KEV list. Agencies have until July 8 to fix it. Details here → https://t.co/4Hn07GsoPG
@NormanOre
18 Jun 2025
📌 The U.S. Cybersecurity and Infrastructure Agency (CISA) has warned of active exploitation of a vulnerability in the Linux kernel, known as CVE-2023-0386, which is classified in the list of known vulnerabilities
@Cybercachear
18 Jun 2025
🛠️🔓 A critical Linux kernel flaw (CVE-2023-0386) is now confirmed actively exploited—granting root access via a simple trick. CISA just added it to the KEV list. Agencies have until July 8 to fix it. Details here → https://t.co/ei6aaVGLUf
@TheHackersNews
18 Jun 2025
🔒 A new vulnerability, CVE-2023-0386, in the Linux Kernel could allow local users to escalate privileges via improper ownership management in OverlayFS. Apply mitigations or consider discontinuing use if fixes aren't available. #Linux #CyberSecurity #CV… https://t.co/3rDE7bP
@prod42net
18 Jun 2025
🔒 CISA just added CVE-2023-0386 to its "Oops, Vulnerabilities" list! If your Linux Kernel is feeling a little exposed, time to suit up and patch up! Don’t let cyber gremlins crash your party! #CyberSecurity #Linux #CVE2023 https://t.co/zW8MdOKfM9
@windowsforum
17 Jun 2025
🛡️ We added a Linux kernel improper ownership management vulnerability, CVE-2023-0386 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/bZt4DCTJGI
@CISACyber
17 Jun 2025
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91C2E92D-CC25-4FBD-8824-56A148119D7E",
"versionEndExcluding": "5.15.91",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED5B6045-B1D2-4E03-B194-9005A351BCAE",
"versionEndExcluding": "6.1.9",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE"
}
],
"operator": "OR"
}
]
}
]