Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2640

CVSS 7.8 · High EPSS 91.39% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-2640

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Canonical Ubuntu Linux 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Canonical Ubuntu Linux是英国科能软件(Canonical)公司的一套Linux操作系统。 Canonical Ubuntu Linux存在安全漏洞,该漏洞源于内核中的OverlayFS没有执行权限检查,导致存在权限提升漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
CanonicalUbuntu Kernel--

II. Public POCs for CVE-2023-2640

#POC DescriptionSource LinkShenlong Link
1CVE-2023-2640 CVE-2023-32629https://github.com/OllaPapito/gameoverlayPOC Details
2GameoverlayFS (CVE-2023-2640 and CVE-2023-32629) exploit in Shell Script tested on Ubuntu 20.04 Kernel 5.4.0https://github.com/luanoliveira350/GameOverlayFSPOC Details
3GameOver(lay) Ubuntu Privilege Escalationhttps://github.com/g1vi/CVE-2023-2640-CVE-2023-32629POC Details
4Nonehttps://github.com/vinetsuicide/CVE-2023-2640-CVE-2023-32629POC Details
5Escalating Privilege using CVE-2023-2640 CVE-2023-3262 https://github.com/SanjayRagavendar/Ubuntu-GameOver-LayPOC Details
6Nonehttps://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629POC Details
7Nonehttps://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629POC Details
8Nonehttps://github.com/K5LK/CVE-2023-2640-32629POC Details
9A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system. https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2023/CVE-2023-2640.yamlPOC Details
10Dimostrazione di una vulnerabilità RCE (Remote Code Execution) in phpMyAdmin 4.8.1, con exploit per reverse shell e analisi di privilege escalation tramite la vulnerabilità CVE-2023-2640/CVE-2023-32629 (GameOverlay) su kernel Linux.https://github.com/filippo-zullo98/phpMyAdmin-RCE-Exploit-LabPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-2640

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Ubuntu Kernel
Same vendor: Canonical
Same weakness: CWE-863

V. Comments for CVE-2023-2640

No comments yet

Leave a comment