⚠ Actively exploited
Added to CISA KEV on 2025-06-17. Federal agencies required to patch by 2025-07-08. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..
CVE-2023-0386 — Improper Ownership Management in Kernel
Severity
7.8HIGHNVD
EPSS
49.2%
top 2.22%
CISA KEV
KEV
Added 2025-06-17
Due 2025-07-08
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 22
KEV addedJun 17
Latest updateJun 18
KEV dueJul 8
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 18.04, 20.04, 22.04
Patches
🔴Vulnerability Details
9GHSA▶
GHSA-p72q-v88c-rprq: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s↗2023-07-06
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities↗2023-04-26