This article details multiple vulnerabilities in the Ubuntu Linux kernel, specifically two local privilege escalation flaws (CVE-2023-2640, CVE-2023-32629) in the OverlayFS implementation due to improper permission checks, and several unspecified issues in network and NVME drivers (CVE-2026-23112, CVE-2026-23273). The advisory USN-8255-1 provides the necessary security update, but the article does not specify the affected kernel version ranges, the exact fixed version number, or any CVSS scores.
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273)