CVE-2023-0386

Name: CVE-2023-0386
Creator: NVD / NIST
Published: 2023-03-22T21:15:18.09+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 7.88%

Last modified Jun 17, 2026

CVE-2023-0386 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.. CISA has confirmed active exploitation in the wild. EPSS estimates a 7.88% chance of exploitation in the next 30 days.

Description

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

7.88%

94.0th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jul 8, 2025.

Weakness Enumeration

CWE-282

Affected Software

Vendor	Product	Versions	Update
Debian	Debian Linux	10.0	—
Netapp	H300s Firmware	All versions	—
Netapp	H500s Firmware	All versions	—
Netapp	H700s Firmware	All versions	—
Netapp	H410s Firmware	All versions	—
Netapp	H410c Firmware	All versions	—
Canonical	Ubuntu Linux	18.04	—
Canonical	Ubuntu Linux	20.04	—
Canonical	Ubuntu Linux	22.04	—
Linux	Linux Kernel	>= 5.11, < 5.15.91	—
Linux	Linux Kernel	>= 5.16, < 6.1.9	—
Linux	Linux Kernel	6.2	Rc1

References

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.htmlThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0aBroken Link, Mailing List, Patch, Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00008.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0004/Third Party Advisory
https://www.debian.org/security/2023/dsa-5402Third Party Advisory
http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.htmlThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0aBroken Link, Mailing List, Patch, Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00008.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0004/Third Party Advisory
https://www.debian.org/security/2023/dsa-5402Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386US Government Resource

Timeline

Published: Mar 22, 2023
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-0386?

How severe is CVE-2023-0386?

CVE-2023-0386 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 7.88% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2023-0386?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-0386?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST