StackPatch is liveSee product

Back to CVE digest
CVE-2023-2640 · cross-distro fix matrix

CVE-2023-2640: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS

Affects 1 Linux release across 50 (distro × package) combinations. First disclosed: 2026-05-07.

Fix per ecosystem

Each block below is a distro release where CVE-2023-2640 has a known fix. Run the listed command on that distro to remediate.

Ubuntu focal

Source: Ubuntu USN

  • linux-aws-5.15→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-5.15
  • linux-hwe-5.15→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-hwe-5.15
  • linux-ibm-5.15→ fixed in5.15.0-1100.103~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-ibm-5.15
  • linux-intel-iotg-5.15→ fixed in5.15.0-1101.107~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-intel-iotg-5.15
  • linux-lowlatency-hwe-5.15→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-lowlatency-hwe-5.15
  • linux-aws→ fixed in5.15.0.1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws
  • linux-aws-5.15→ fixed in5.15.0.1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-5.15
  • linux-aws-5.15-cloud-tools-5.15.0-1106→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-5.15-cloud-tools-5.15.0-1106
  • linux-aws-5.15-headers-5.15.0-1106→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-5.15-headers-5.15.0-1106
  • linux-aws-5.15-tools-5.15.0-1106→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-5.15-tools-5.15.0-1106
  • linux-aws-edge→ fixed in5.15.0.1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-aws-edge
  • linux-buildinfo-5.15.0-1100-ibm→ fixed in5.15.0-1100.103~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1100-ibm
  • linux-buildinfo-5.15.0-1101-intel-iotg→ fixed in5.15.0-1101.107~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1101-intel-iotg
  • linux-buildinfo-5.15.0-1106-aws→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1106-aws
  • linux-buildinfo-5.15.0-177-generic→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-177-generic
  • linux-buildinfo-5.15.0-177-generic-64k→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-177-generic-64k
  • linux-buildinfo-5.15.0-177-generic-lpae→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-177-generic-lpae
  • linux-buildinfo-5.15.0-177-lowlatency→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-177-lowlatency
  • linux-buildinfo-5.15.0-177-lowlatency-64k→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-177-lowlatency-64k
  • linux-cloud-tools-5.15.0-1101-intel-iotg→ fixed in5.15.0-1101.107~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-5.15.0-1101-intel-iotg
  • linux-cloud-tools-5.15.0-1106-aws→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-5.15.0-1106-aws
  • linux-cloud-tools-5.15.0-177-generic→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-5.15.0-177-generic
  • linux-cloud-tools-5.15.0-177-lowlatency→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-5.15.0-177-lowlatency
  • linux-cloud-tools-generic-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-generic-5.15
  • linux-cloud-tools-generic-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-generic-hwe-20.04
  • linux-cloud-tools-generic-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-generic-hwe-20.04-edge
  • linux-cloud-tools-intel→ fixed in5.15.0.1101.107~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-intel
  • linux-cloud-tools-lowlatency-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-lowlatency-5.15
  • linux-cloud-tools-lowlatency-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-lowlatency-hwe-20.04
  • linux-cloud-tools-lowlatency-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-lowlatency-hwe-20.04-edge
  • linux-cloud-tools-virtual-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-virtual-5.15
  • linux-cloud-tools-virtual-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-virtual-hwe-20.04
  • linux-cloud-tools-virtual-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-cloud-tools-virtual-hwe-20.04-edge
  • linux-generic-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-5.15
  • linux-generic-64k-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-64k-5.15
  • linux-generic-64k-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-64k-hwe-20.04
  • linux-generic-64k-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-64k-hwe-20.04-edge
  • linux-generic-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-hwe-20.04
  • linux-generic-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-hwe-20.04-edge
  • linux-generic-lpae-5.15→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-lpae-5.15
  • linux-generic-lpae-hwe-20.04→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-lpae-hwe-20.04
  • linux-generic-lpae-hwe-20.04-edge→ fixed in5.15.0.177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-generic-lpae-hwe-20.04-edge
  • linux-headers-5.15.0-1100-ibm→ fixed in5.15.0-1100.103~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1100-ibm
  • linux-headers-5.15.0-1101-intel-iotg→ fixed in5.15.0-1101.107~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1101-intel-iotg
  • linux-headers-5.15.0-1106-aws→ fixed in5.15.0-1106.113~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1106-aws
  • linux-headers-5.15.0-177-generic→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-177-generic
  • linux-headers-5.15.0-177-generic-64k→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-177-generic-64k
  • linux-headers-5.15.0-177-generic-lpae→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-177-generic-lpae
  • linux-headers-5.15.0-177-lowlatency→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-177-lowlatency
  • linux-headers-5.15.0-177-lowlatency-64k→ fixed in5.15.0-177.187~20.04.1USN-8255-1
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-177-lowlatency-64k
Are YOU affected by CVE-2023-2640?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan View on NVD
Continuous monitoring beats manual checking

CVE-2023-2640dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. $99 lifetime, 50 founder seats, 30-day refund.

See StackPatch ($99 lifetime)