Add information on CVE-2023-0386

author: Salvatore Bonaccorso <carnil@debian.org> 2023-05-11 08:47:43 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-05-11 08:47:43 +0200
commit: ca3ef57a3f64d38e8daf56d0994eedbb854d611c (patch)
tree: bb56c6c4131a4fa0ab17e90a732a1906d90a388e /active/CVE-2023-0386
parent: e77a9691aa932011b416ae4126679d0ce4e7bca9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/active/CVE-2023-0386 b/active/CVE-2023-0386
index 145bc137..7ea07213 100644
--- a/active/CVE-2023-0386
+++ b/active/CVE-2023-0386
@@ -1,8 +1,12 @@
 Description: ovl: fail on invalid uid/gid mapping at copy up
 References:
  https://bugzilla.redhat.com/show_bug.cgi?id=2159505
+ https://github.com/chenaotian/CVE-2023-0386
 Notes:
  carnil> Issue different from CVE-2021-3847.
+ carnil> Only exploitable after commit 459c7c565ac3 "ovl: unprivieged
+ carnil> mounts" in 5.11-rc1, or if the Debian-specific module parameter
+ carnil> permit_mounts_in_userns is enabled.
 Bugs:
 upstream: released (6.2-rc6) [4f11ada10d0ad3fd53e2bd67806351de63a4f9c3]
 6.1-upstream-stable: released (6.1.9) [42fea1c35254c49cce07c600d026cbc00c6d3c81]
author	Salvatore Bonaccorso <carnil@debian.org>	2023-05-11 08:47:43 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-05-11 08:47:43 +0200
commit	ca3ef57a3f64d38e8daf56d0994eedbb854d611c (patch)
tree	bb56c6c4131a4fa0ab17e90a732a1906d90a388e /active/CVE-2023-0386
parent	e77a9691aa932011b416ae4126679d0ce4e7bca9 (diff)