Unrated severityCISA KEVNVD Advisory· Published Mar 22, 2023· Updated Oct 21, 2025
CVE-2023-0386
CVE-2023-0386
Description
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Affected products
1- Linux/Linux kerneldescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.debian.org/security/2023/dsa-5402mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2023/06/msg00008.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlmitremailing-list
- packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.htmlmitre
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitre
- security.netapp.com/advisory/ntap-20230420-0004/mitre
News mentions
0No linked articles in our index yet.