CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

Posted on By CWS

Jun 18, 2025Ravie LakshmananLinux / Vulnerability
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Tuesday positioned a safety flaw impacting the Linux kernel in its Identified Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited within the wild.
The vulnerability, CVE-2023-0386 (CVSS rating: 7.8), is an improper possession bug within the Linux kernel that might be exploited to escalate privileges on inclined techniques. It was patched in early 2023.
“Linux kernel accommodates an improper possession administration vulnerability, the place unauthorized entry to the execution of the setuid file with capabilities was discovered within the Linux kernel’s OverlayFS subsystem in how a consumer copies a succesful file from a nosuid mount into one other mount,” the company stated.

“This uid mapping bug permits a neighborhood consumer to escalate their privileges on the system.”
It is at the moment not identified how the safety flaw is being exploited within the wild. In a report revealed in Might 2023, Datadog stated the vulnerability is trivial to take advantage of and that it really works by tricking the kernel into making a SUID binary owned by root in a folder like “/tmp” and executing it.

“CVE-2023-0386 lies in the truth that when the kernel copied a file from the overlay file system to the ‘higher’ listing, it didn’t examine if the consumer/group proudly owning this file was mapped within the present consumer namespace,” the corporate stated.
“This enables an unprivileged consumer to smuggle an SUID binary from a ‘decrease’ listing to the ‘higher’ listing, through the use of OverlayFS as an middleman.”
Later that 12 months, cloud safety agency Wiz detailed two safety vulnerabilities dubbed GameOver(lay) (CVE-2023-32629 and CVE-2023-2640) affecting Unix techniques that led to comparable penalties as CVE-2023-0386.
“These flaws permit the creation of specialised executables, which, upon execution, grant the flexibility to escalate privileges to root on the affected machine,” Wiz researchers stated.
Federal Civilian Government Department (FCEB) businesses are required to use the required patches by July 8, 2025, to safe their networks in opposition to energetic threats.

Discovered this text fascinating? Comply with us on Twitter  and LinkedIn to learn extra unique content material we put up.

The Hacker News Tags:, , , , , , , ,

Related Posts

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom The Hacker News
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns The Hacker News
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery The Hacker News
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands The Hacker News
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods The Hacker News
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks The Hacker News