VDB
DEBIAN-CVE-2023-0386
DEBIAN-CVE-2023-0386
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.113-1, 5.10.70-1, 5.10.70-1~bpo10+1 |
| Debian:13 | linux | 0, 0, 0 |
| Debian:14 | linux | 0, 0, 0 |
| Debian:12 | linux | 0, 0, 0 |
Exploit Intelligence
- Copy fake in-memory files to disk using overlayFS (github-poc-repo)
- Copy fake in-memory files to disk using overlayFS (github-poc)
- From deobfuscating code.js to root, CVE-2023-0386 (github-poc-repo)
- From deobfuscating code.js to root, CVE-2023-0386 (github-poc)
- From deobfuscating code.js to root, CVE-2023-0386 (github-poc-repo)
- From deobfuscating code.js to root, CVE-2023-0386 (github-poc)
- julianertle/CVE-2023-0386-CTF (github-poc-repo)
- julianertle/CVE-2023-0386-CTF (github-poc)
- churamanib/CVE-2023-0386 (github-poc-repo)
- CVE-2023-0386 包含所需运行库 (github-poc-repo)
…and 24 more exploits
Timeline
- Mar 22, 2023 CVE Published
- Apr 28, 2026 CVE Updated