Multiple local privilege escalation vulnerabilities in the OverlayFS implementation for Ubuntu Linux kernel (Azure) allow attackers to gain elevated privileges due to improper permission checks (CVE-2023-2640 and CVE-2023-32629, both CVSS 7.8 HIGH). Additionally, critical vulnerabilities in network and NVMe drivers (CVE-2026-23112, CVSS 9.8 CRITICAL) could allow system compromise. The kernel driver flaws affect Linux kernel versions 5.0 through 5.10.249, 5.11 through 5.15.199, 5.16 through 6.1.162, 6.2 through 6.6.123, and 6.7 through 6.12.69, with fixes available in versions 5.10.250, 5.15.200, 6.1.163, 6.6.124, 6.12.70, and 6.18.10 respectively.
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273)