Canonical Issues New Ubuntu Kernel Updates to Fix Two Local Privilege Escalation Flaws
The first vulnerability patched in this new Ubuntu kernel update is CVE-2023-1829, a flaw discovered in the Traffic-Control Index (TCINDEX) implementation that could allow a local attacker to elevate their privileges to root. Canonical notes that to fix this flaw, they had to remove kernel support for the TCINDEX classifier.
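Because the fix removes the classifier, a host whose traffic-control setup uses it needs to be identified before the update is rolled out. The script below is an added example, not code from the article or from Canonical; the module name `cls_tcindex` and the option `CONFIG_NET_CLS_TCINDEX` are the upstream kernel names rather than names from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Canonical's tooling): find TCINDEX usage on a host.
# cls_tcindex / CONFIG_NET_CLS_TCINDEX are the upstream module and option names.

# Succeeds if cls_tcindex is listed in a /proc/modules-format file.
tcindex_loaded() {
    grep -q '^cls_tcindex ' "${1:-/proc/modules}"
}

# Succeeds if a kernel config file builds the classifier (=y or =m).
tcindex_configured() {
    grep -Eq '^CONFIG_NET_CLS_TCINDEX=(y|m)$' "$1"
}

# Reads `tc filter show` output on stdin and prints how many filter lines
# use the tcindex classifier.
count_tcindex_filters() {
    awk '$1 == "filter" {
             for (i = 2; i <= NF; i++) if ($i == "tcindex") { n++; break }
         } END { print n + 0 }'
}

# Live audit: module state, the running kernel's config, and the root and
# ingress filters of every interface. Filters attached to inner classes
# need an explicit `parent` and are not covered here.
audit_host() {
    cfg="/boot/config-$(uname -r)"
    if tcindex_loaded; then echo "cls_tcindex: loaded"; else echo "cls_tcindex: not loaded"; fi
    if [ -r "$cfg" ] && tcindex_configured "$cfg"; then
        echo "kernel config: TCINDEX still built"
    else
        echo "kernel config: TCINDEX not built (or config unreadable)"
    fi
    for path in /sys/class/net/*; do
        dev=${path##*/}
        n=$( { tc filter show dev "$dev"; tc filter show dev "$dev" ingress; } 2>/dev/null | count_tcindex_filters )
        [ "$n" -gt 0 ] && echo "$dev: $n tcindex filter line(s); migrate before updating"
    done
    return 0
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on the host itself, or call the individual functions on saved copies of `/proc/modules`, the kernel config and `tc filter show` output collected from a fleet.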
The second local privilege escalation vulnerability affecting the aforementioned Ubuntu releases is CVE-2023-0386, a flaw discovered in the OverlayFS file system implementation that could allow a local attacker to escalate their privileges on the vulnerable system.