CVE-2023-0386 Report - Details, Severity, & Advisories

Twingate Team

May 31, 2024

What is CVE-2023-0386?

A high-severity vulnerability, CVE-2023-0386, has been discovered in the Linux kernel's OverlayFS subsystem, affecting Linux systems running specific kernel versions. The flaw could allow a local user to escalate privileges on the system. It affects various Linux distributions and products, including those from NetApp. Users are advised to update their systems to mitigate the risk of unauthorized access, sensitive information disclosure, data modification, or denial of service.

Who is impacted by CVE-2023-0386?

Impacted versions include Linux kernel versions from 5.11 up to, but excluding, 5.15.91; from 5.16 up to, but excluding, 6.1.9; and 6.2 (rc1, rc2, rc3, rc4, rc5). Additionally, users running the OverlayFS implementation in the Linux kernel on Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 22.04 LTS are affected. NetApp products, such as the NetApp HCI Baseboard Management Controller (BMC) models H300S, H500S, H700S, H410S and H410C, running Linux kernel versions prior to 6.2-rc6 are also impacted.
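To turn those ranges into a quick triage check, the following POSIX shell script is an added example written for this report; it is not Twingate's code and not part of the kernel project. It classifies a kernel version string against the upstream ranges stated above, with 6.2-rc6 (the fixed release candidate mentioned in the NetApp section) as the upper bound of the 6.2 range. The function names ver_key and is_affected are this example's own. It assumes upstream kernel.org numbering: distribution kernels such as Ubuntu's 5.15.0-NN-generic keep a fixed base version and receive the fix as a backport, so for those the distribution's advisory, not this range check, is authoritative.

```shell
#!/bin/sh
# Added example (not from the report or the kernel project): classify an
# upstream kernel version string against the affected ranges the report gives
# for CVE-2023-0386. Upper bounds are exclusive:
#   5.11    <= v < 5.15.91
#   5.16    <= v < 6.1.9
#   6.2-rc1 <= v < 6.2-rc6   (6.2-rc6 carries the fix)
#
# Assumption: the input follows upstream numbering (MAJOR.MINOR[.PATCH][-rcN]).
# Distribution kernels keep a fixed base version (e.g. Ubuntu's 5.15.0-NN-generic)
# and backport fixes, so this check reports them as affected even when they
# are patched; consult the distribution's advisory for those.

# Turn a version string into a single integer that sorts like kernel releases.
# rc pre-releases sort below the final release with the same numbers.
ver_key() {
    base=${1%%-*}          # "5.15.90", "6.2" or "5.15.0" (distro suffix dropped)
    suffix=${1#"$base"}    # "", "-rc3" or "-91-generic"
    case $base in
        ''|*[!0-9.]*) echo "unparseable version: $1" >&2; return 1 ;;
    esac
    case $suffix in
        -rc[0-9]*) rc=${suffix#-rc}; rc=${rc%%[!0-9]*} ;;  # "-rc3" -> 3
        *)         rc=99 ;;                                # final release
    esac
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    echo $(( ((major * 1000 + minor) * 1000 + patch) * 100 + rc ))
}

# Print "yes" if the version lies in an affected range, "no" otherwise, and
# "unknown" (with exit status 1) if the string cannot be parsed.
is_affected() {
    k=$(ver_key "$1") || { echo unknown; return 1; }
    in_range() { [ "$k" -ge "$(ver_key "$1")" ] && [ "$k" -lt "$(ver_key "$2")" ]; }
    if in_range 5.11 5.15.91 || in_range 5.16 6.1.9 || in_range 6.2-rc1 6.2-rc6; then
        echo yes
    else
        echo no
    fi
}

# Report on the running kernel; for distribution kernels see the caveat above.
running=$(uname -r 2>/dev/null || echo unknown)
echo "kernel $running: inside CVE-2023-0386 affected ranges = $(is_affected "$running")"
```

Run it as-is to classify the running kernel, or call is_affected with an explicit string (for example, is_affected 6.1.8 prints yes and is_affected 6.1.9 prints no). The integer key keeps rc builds below the final release of the same version, which is what makes the 6.2-rc1 to 6.2-rc6 range comparable with the two stable ranges.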

What should I do if I’m affected?

If you're affected by the CVE-2023-0386 vulnerability, it's crucial to take action to secure your system. Here's a simplified step-by-step guide:

  1. Update your Linux kernel to a non-vulnerable version.

  2. For Ubuntu users, update the kernel livepatch to the specified versions for each affected release.

  3. Debian users should upgrade the linux-5.10 packages to version 5.10.179-1~deb10u1 for Debian 10 buster.

  4. NetApp product users should follow the NetApp security advisory for remediation steps.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-0386 vulnerability, found in the Linux kernel's OverlayFS subsystem, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-282, which involves improper ownership management in the Linux kernel's OverlayFS subsystem.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD entry for CVE-2023-0386 or the distribution and vendor advisories referenced above.