Critical Linux Kernel Flaw Added to CISA's Known Exploited Vulnerabilities Catalog
TL;DR
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux Kernel vulnerability (CVE-2023-0386) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows privilege escalation and poses significant risks to both federal agencies and private organizations. CISA requires federal agencies to address this vulnerability by July 8, 2025.
CISA Adds Linux Kernel Vulnerability to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux Kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, tracked as CVE-2023-0386, has a CVSS score of 7.8 and can be exploited to escalate privileges on vulnerable systems.
Details of the Vulnerability
CVE-2023-0386 is an improper ownership vulnerability in the Linux kernel's OverlayFS subsystem. According to the advisory, the kernel permits unauthorized execution of a setuid file with capabilities when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug lets a local user escalate their privileges [1].
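As an added example (not from CISA or the kernel advisory), this Python check inventories overlay mounts that match the condition in the CVE description: a lower layer on a nosuid mount combined with an upper layer on a mount that honors setuid. The mount table is constructed sample data and the function names are hypothetical; a match is an exposure indicator on unpatched kernels, not evidence of exploitation.

```python
# Added example; SAMPLE_MOUNTS is constructed data in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
/dev/sdc1 /media/usb ext4 rw,nosuid,nodev 0 0
overlay /srv/app overlay rw,lowerdir=/data/base,upperdir=/data/up,workdir=/data/work 0 0
overlay /home/u/merged overlay rw,lowerdir=/media/usb,upperdir=/data/u/up,workdir=/data/u/work 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts format into (mountpoint, fstype, options) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mountpoint = fields[1].replace("\\040", " ")  # kernel escapes spaces
            mounts.append((mountpoint, fields[2], fields[3].split(",")))
    return mounts

def owning_mount(path, mounts):
    """Return the options of the longest mountpoint that contains path."""
    best, best_opts = "", []
    for mountpoint, _, opts in mounts:
        inside = path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/")
        if inside and len(mountpoint) >= len(best):
            best, best_opts = mountpoint, opts
    return best_opts

def risky_overlays(text):
    """List overlays that mix a nosuid lower layer with a setuid-honoring upper."""
    mounts = parse_mounts(text)
    findings = []
    for mountpoint, fstype, opts in mounts:
        if fstype != "overlay":
            continue
        kv = dict(o.split("=", 1) for o in opts if "=" in o)
        upper = kv.get("upperdir")
        if not upper or "nosuid" in owning_mount(upper, mounts):
            continue  # read-only overlay, or upper layer ignores setuid bits
        lowers = kv.get("lowerdir", "").split(":")
        bad = [l for l in lowers if "nosuid" in owning_mount(l, mounts)]
        if bad:
            findings.append((mountpoint, bad, upper))
    return findings

if __name__ == "__main__":
    for mp, lowers, upper in risky_overlays(SAMPLE_MOUNTS):
        print(f"{mp}: nosuid lower {lowers} -> upper {upper}")
```

On a live host, pass it the contents of /proc/mounts, or /proc/<pid>/mounts for a process running in a different mount namespace.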
CISA Directive and Recommendations
Under Binding Operational Directive (BOD) 22-01, federal agencies are required to address identified vulnerabilities by the specified due date. For CVE-2023-0386, CISA has set the deadline as July 8, 2025. Private organizations are also urged to review the KEV catalog and address vulnerabilities within their infrastructure [2].
Conclusion
The addition of CVE-2023-0386 to CISA’s KEV catalog underscores the importance of timely vulnerability management. Both federal agencies and private organizations should prioritize patching this critical flaw to mitigate potential risks.
References
[1] “A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.” CVE-2023-0386
[2] Under the Binding Operational Directive (BOD) 22-01, federal agencies are required to address identified vulnerabilities by the specified due date.