CVE-2023-0386Linux Kernel Improper Ownership Management Vulnerability

PUBLISHEDvulnerability record
2025-06-17 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-0386
Project:
Linux
Product:
Kernel
Date Added:
2025-06-17
Due Date:
2025-07-08
Last Updated:
June 21, 2025

Vulnerability Name

Linux Kernel Improper Ownership Management Vulnerability

Description

Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses