Tech »  Topic »  CISA Alerts to Active Exploits of Linux Kernel Improper Ownership Management Vulnerability

CISA Alerts to Active Exploits of Linux Kernel Improper Ownership Management Vulnerability


Credential Abuse: 15-Min Attack Simulation

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding active exploitation of a critical Linux kernel vulnerability, tracked as CVE-2023-0386, which has now been added to the Known Exploited Vulnerabilities (KEV) Catalog.

This flaw, rooted in the OverlayFS subsystem of the Linux kernel, allows local users to escalate privileges and potentially gain root-level access on affected systems—a scenario that poses significant risks to both enterprise and cloud environments.

Linux Kernel Improper Ownership Management Vulnerability – CVE-2023-0386

CVE-2023-0386 is classified as an improper ownership management vulnerability (CWE-282) within the OverlayFS subsystem of the Linux kernel.

The flaw emerges when a user copies a file with special capabilities from a nosuid mount into another mount, due to the kernel’s failure to properly clear setuid and setgid bits during the copy-up operation.

This oversight enables unauthorized users to execute files with elevated privileges, effectively ...


Copyright of this story solely belongs to gbhackers . To see the full text click HERE