automatic module_metadata_base.json update

db/modules_metadata_base.json

@@ -88994,6 +88994,71 @@
 
     ]
   },
+  "exploit_linux/local/gameoverlay_privesc": {
+    "name": "GameOver(lay) Privilege Escalation and Container Escape",
+    "fullname": "exploit/linux/local/gameoverlay_privesc",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2023-07-26",
+    "type": "exploit",
+    "author": [
+      "g1vi",
+      "h00die",
+      "bwatters-r7",
+      "gardnerapp"
+    ],
+    "description": "This module exploits the use of unsafe functions in a number of Ubuntu kernels\n          utilizing vunerable versions of overlayfs. To mitigate CVE-2021-3493 the Linux\n          kernel added a call to vfs_setxattr during ovl_do_setxattr. Due to independent\n          changes to the kernel by the Ubuntu development team __vfs_setxattr_noperm is\n          called during ovl_do_setxattr without calling the intermediate safety function\n          vfs_setxattr. Ultimatly this module allows for root access to be achieved by\n          writing setuid capabilities to a file which are not sanitized after being unioned\n          with the upper mounted directory.",
+    "references": [
+      "URL-https://www.crowdstrike.com/blog/crowdstrike-discovers-new-container-exploit/",
+      "URL-https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629",
+      "URL-https://www.cvedetails.com/cve/CVE-2023-2640/",
+      "URL-https://www.cvedetails.com/cve/CVE-2023-32629/",
+      "URL-https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability",
+      "CVE-2023-32629",
+      "CVE-2023-2640"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Linux_Binary",
+      "Linux_Command"
+    ],
+    "mod_time": "2024-12-17 16:52:24 +0000",
+    "path": "/modules/exploits/linux/local/gameoverlay_privesc.rb",
+    "is_install_path": true,
+    "ref_name": "linux/local/gameoverlay_privesc",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": [
+      "shell",
+      "meterpreter"
+    ],
+    "needs_cleanup": true,
+    "actions": [
+
+    ]
+  },
   "exploit_linux/local/glibc_ld_audit_dso_load_priv_esc": {
     "name": "glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation",
     "fullname": "exploit/linux/local/glibc_ld_audit_dso_load_priv_esc",