CVE-2023-2640 Information

Description

On Ubuntu kernels carrying both c914c0e27eb0 and UNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs. xattrs\ an unprivileged user may set privileged extended attributes on the mounted files leading them to be set on the upper files without the appropriate security checks.

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 https://ubuntu.com/security/notices/USN-6250-1 https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html https://wiz.io/blog/ubuntu-overlayfs-vulnerability