CVE-2023-0386: 
Linux Kernel vulnerability analysis and mitigation

A flaw was discovered in the Linux kernel's OverlayFS subsystem (CVE-2023-0386) where unauthorized access to the execution of setuid files with capabilities was found. The vulnerability was disclosed on March 22, 2023, affecting Linux kernel versions prior to 6.2-rc6. The issue specifically occurs in how a user copies a capable file from a nosuid mount into another mount (NVD, Ubuntu Security).

The vulnerability stems from a uid mapping bug in the OverlayFS implementation that fails to properly handle copy up operations under certain conditions. The issue was fixed in Linux kernel 6.2-rc6 through a patch that implements proper validation of uid/gid mapping during copy up operations. The vulnerability has been assigned a CVSS score of 7.8 (High), with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NetApp Security).

When successfully exploited, this vulnerability allows a local user with permissions to mount overlay mounts in user namespaces to escalate their privileges on the system. The impact includes potential disclosure of sensitive information, addition or modification of data, and possible Denial of Service (DoS) (Debian Security).

The vulnerability has been fixed in multiple Linux distributions through security updates. For example, Ubuntu has released fixes in versions 5.19.0-41.42 for 22.10 and 5.15.0-70.77 for 22.04 LTS. Debian has addressed the issue in version 5.10.179-1 for the stable distribution (bullseye). Users are strongly recommended to upgrade their Linux kernel to the patched versions (Ubuntu Security, Debian Security).