Vulnerability in Kernel
CVE-2023-0386
A flaw was found in the Linux kernel's OverlayFS subsystem: unauthorized execution of a setuid file with capabilities was possible because of how a user copies a capable file from a nosuid mount into another…
EPSS: 0.506 (97.9th percentile)
Affected products
- Kernel (vendor: n/a): Linux kernel 6.2-rc6
Weakness classification (CWE)
- CWE-282: Improper Ownership Management
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on 2025-06-17. KEV inclusion means CISA has reliable evidence of in-the-wild exploitation; US federal agencies are required to remediate by a published due date.
BOD 22-01 due date: not given in this record.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
79 public proof-of-concept repositories are indexed for this CVE.
References
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
- security.netapp.com/advisory/ntap-20230420-0004/
- DSA-5402 (vendor-advisory)
- [debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update (mailing-list)
- packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095…
- [debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update (mailing-list)
Frequently asked questions
- What is CVE-2023-0386?
- CVE-2023-0386 is a vulnerability in the Linux kernel's OverlayFS subsystem, classified under CWE-282 (Improper Ownership Management). Published 2023-03-22.
- Is CVE-2023-0386 known to be exploited?
- Yes. CVE-2023-0386 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-06-17), indicating it is being actively exploited. 79 public proof-of-concept repositories are indexed.