Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Ubuntu OverlayFS Module
Alerts

High-Severity Vulnerability in Ubuntu OverlayFS Module

28 July 2023

Ubuntu has released security updates to address a high-severity vulnerability (CVE-2023-2640) in their OverlayFS module. The proof-of-concept exploit code targeting this vulnerability is reported to be publicly available.

Successful exploitation of the privilege escalation vulnerability could allow a local attacker to gain elevated privileges due to inadequate permission checks.

The vulnerability affects the following products:

• Ubuntu 23.04 (Lunar Lobster) version 6.2.0

• Ubuntu 22.10 (Kinetic Kudu) version 5.19.0

• Ubuntu 22.04 LTS (Jammy Jellyfish) versions 5.19.0 and 6.2.0

Users and administrators of the affected Ubuntu versions are advised to update to the latest versions immediately.

More information is available here:

https://ubuntu.com/security/notices/USN-6250-1

https://www.bleepingcomputer.com/news/security/almost-40-percent-of-ubuntu-users-vulnerable-to-new-privilege-elevation-flaws/

https://nvd.nist.gov/vuln/detail/CVE-2023-2640

https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability

Back to top