Main Vulnerability Database Exploits ID:10993 - Exploit for Permissions, Privileges, and Access Controls in linux-image-6.2.0-1006-ibm (Ubuntu package) - CVE-2023-2640

ID:10993 - Exploit for Permissions, Privileges, and Access Controls in linux-image-6.2.0-1006-ibm (Ubuntu package) - CVE-2023-2640

Published: December 18, 2024

Vulnerability identifier: #VU78673

Vulnerability risk: Low

CVE-ID: CVE-2023-2640

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
linux-image-6.2.0-1006-ibm (Ubuntu package)

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/local/gameoverlay_privesc

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permission checks for trusted.overlayfs.* xattrs". A local user can set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

Remediation

Install updates from vendor's website.

ID:10993 - Exploit for Permissions, Privileges, and Access Controls in linux-image-6.2.0-1006-ibm (Ubuntu package) - CVE-2023-2640

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human