CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
CISA将Linux内核漏洞CVE-2023-0386列为已知被利用漏洞(CVSS 7.8),该漏洞可导致权限提升。攻击者可利用OverlayFS子系统中的不当文件复制机制,在目标系统中执行恶意代码以获取更高权限。尽管该漏洞已在2023年初修复,但其野外利用情况尚不清楚。CISA要求联邦机构于2025年7月前完成修补以应对威胁。 2025-6-18 06:43:0 Author: thehackernews.com(查看原文) 阅读量:23 收藏

Linux Kernel Privilege Escalation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.

The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible systems. It was patched in early 2023.

"Linux kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount," the agency said.

Cybersecurity

"This uid mapping bug allows a local user to escalate their privileges on the system."

It's currently not known how the security flaw is being exploited in the wild. In a report published in May 2023, Datadog said the vulnerability is trivial to exploit and that it works by tricking the kernel into creating a SUID binary owned by root in a folder like "/tmp" and executing it.

"CVE-2023-0386 lies in the fact that when the kernel copied a file from the overlay file system to the 'upper' directory, it did not check if the user/group owning this file was mapped in the current user namespace," the company said.

"This allows an unprivileged user to smuggle an SUID binary from a 'lower' directory to the 'upper' directory, by using OverlayFS as an intermediary."

Later that year, cloud security firm Wiz detailed two security vulnerabilities dubbed GameOver(lay) (CVE-2023-32629 and CVE-2023-2640) affecting Unix systems that led to similar consequences as CVE-2023-0386.

"These flaws allow the creation of specialized executables, which, upon execution, grant the ability to escalate privileges to root on the affected machine," Wiz researchers said.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by July 8, 2025, to secure their networks against active threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2025/06/cisa-warns-of-active-exploitation-of.html
如有侵权请联系:admin#unsafe.sh