CVE-2023-0386

Confirmed PUBLISHED

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...

Linux · Linux kernel

1 day faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 7.9%

At a Glance

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

cisa linux
CVE Published
Mar 22, 2023
Exploitation Reported
Jun 01, 2026
CVSS
7.8 High
EPSS
7.9%
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
n/a
Kernel

Linux kernel 6.2-rc6

Affected

CVE References

Show 1 more reference

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.