From b5abcac7508d8f69c00d8533cbb2a8056db807dc Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 11 Nov 2023 11:13:40 +0530 Subject: [PATCH] Updated info --- code/cves/2023/CVE-2023-32629.yaml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/code/cves/2023/CVE-2023-32629.yaml b/code/cves/2023/CVE-2023-32629.yaml index ec54ea9390..086abd1264 100644 --- a/code/cves/2023/CVE-2023-32629.yaml +++ b/code/cves/2023/CVE-2023-32629.yaml @@ -6,11 +6,27 @@ info: severity: high description: | A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system. + impact: | + An attacker with local access can gain elevated privileges on the affected system. + remediation: | + Apply the latest security patches and updates provided by Ubuntu to fix the vulnerability. reference: - - https://gist.github.com/win3zz/aa1ac16c4458aaaec6dd79343b8cd46f - - https://ubuntu.com/security/CVE-2023-32629 - - https://nvd.nist.gov/vuln/detail/CVE-2023-32629 - - https://nvd.nist.gov/vuln/detail/CVE-2023-2640 + - http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629 + - https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html + - https://ubuntu.com/security/notices/USN-6250-1 + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.8 + cve-id: CVE-2023-32629 + cwe-id: CWE-863 + epss-score: 0.00042 + epss-percentile: 0.0572 + cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:* + metadata: + verified: true + vendor: canonical + product: ubuntu_linux tags: cve,cve2023,kernel,ubuntu,linux,privesc,local self-contained: true