[Jammy,Kinetic,OEM-5.17,OEM-6.0 0/1] CVE-2023-0386
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Apr 11 12:24:30 UTC 2023
[Impact]
Unprivileged user may copy a suid binary from a nosuid mount.
[Backport]
Applying to all kernels that have not been released with the fix yet.
This is mitigated on older kernels with different SAUCE changes.
[Test case]
Touching a suid binary on an overlayfs mount does not copy it to the upper
directory any longer after applying this fix.
[Potential regression]
Some copy ups on overlayfs will fail, preventing certain operations.
Miklos Szeredi (1):
  ovl: fail on invalid uid/gid mapping at copy up

 fs/overlayfs/copy_up.c | 4 ++++
 1 file changed, 4 insertions(+)
--
2.34.1