The US Cybersecurity and Infrastructure Security Agency (CISA) said Tuesday that it has been actively exploited in the wild by placing security flaws affecting Linux kernels in its known exploited vulnerabilities (KEV) catalog.
The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an inappropriate ownership bug in the Linux kernel and could be exploited to escalate the privileges of the susceptible system. The patch was applied in early 2023.
“The Linux kernel contains an inappropriate ownership management vulnerability. In this case, the OverlayFS subsystem of the Linux kernel that does not make SetUID files work, allowed users to find a way to copy a capable file from a NOSUID mount to another mount,” the agency said.
“This UID mapping bug allows local users to escalate privileges on the system.”
Currently, we don’t know how security flaws are being exploited in the wild. In a report released in May 2023, Datadog said the vulnerability is easy to exploit and works by tricking the kernel and creating and running root-owned SUID binaries in folders such as “/TMP”.
“CVE-2023-0386 lies in the fact that when the kernel copied a file from the overlay file system to the ‘upper’ directory, it did not check if the user/group that owned this file was mapped to the current username space,” the company says.
“This allows non-dedicated users to smuggle SUID binaries from the ‘bottom’ directory to the ‘top’ directory by using overlayfs as an intermediary. ”
Later that year, cloud security company Wiz detailed two security vulnerabilities called GameOver (lay) (CVE-2023-32629 and CVE-2023-2640).
“These flaws allow specialized executables to create and provide the ability to escalate the privileges of rooting affected machines at runtime,” Wiz researchers said.
The Federal Civil Enforcement Division (FCEB) agency must apply the necessary patches by July 8, 2025 to ensure its network from aggressive threats.
Source link
