StackPatch is liveSee product

Back to CVE digest
CVE-2023-2640 · cross-distro fix matrix

CVE-2023-2640: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS

Affects 2 Linux releases across 50 (distro × package) combinations. First disclosed: 2026-05-07.

Elevated exploitation risk

FIRST EPSS puts CVE-2023-2640's probability of exploitation in the next 30 days at 16% (96th percentile of all CVEs)— well above the noise floor. Prioritize it.

EPSS:16% · 30-day exploit probability96th percentile

Fix per ecosystem

Each block below is a distro release where CVE-2023-2640 has a known fix. Run the listed command on that distro to remediate.

Ubuntu focal

Source: Ubuntu USN

  • linux-nvidia-tegra-5.15→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-5.15
  • linux-buildinfo-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1058-nvidia-tegra
  • linux-buildinfo-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1058-nvidia-tegra-rt
  • linux-headers-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1058-nvidia-tegra
  • linux-headers-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1058-nvidia-tegra-rt
  • linux-headers-nvidia-tegra→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-nvidia-tegra
  • linux-headers-nvidia-tegra-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-nvidia-tegra-5.15
  • linux-headers-nvidia-tegra-rt→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-nvidia-tegra-rt
  • linux-headers-nvidia-tegra-rt-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-nvidia-tegra-rt-5.15
  • linux-image-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-5.15.0-1058-nvidia-tegra
  • linux-image-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-5.15.0-1058-nvidia-tegra-rt
  • linux-image-nvidia-tegra→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-nvidia-tegra
  • linux-image-nvidia-tegra-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-nvidia-tegra-5.15
  • linux-image-nvidia-tegra-rt→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-nvidia-tegra-rt
  • linux-image-nvidia-tegra-rt-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-nvidia-tegra-rt-5.15
  • linux-image-unsigned-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-unsigned-5.15.0-1058-nvidia-tegra
  • linux-image-unsigned-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-unsigned-5.15.0-1058-nvidia-tegra-rt
  • linux-modules-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-5.15.0-1058-nvidia-tegra
  • linux-modules-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-5.15.0-1058-nvidia-tegra-rt
  • linux-modules-extra-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-extra-5.15.0-1058-nvidia-tegra
  • linux-nvidia-tegra→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra
  • linux-nvidia-tegra-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-5.15
  • linux-nvidia-tegra-5.15-headers-5.15.0-1058→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-5.15-headers-5.15.0-1058
  • linux-nvidia-tegra-5.15-tools-5.15.0-1058→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-5.15-tools-5.15.0-1058
  • linux-nvidia-tegra-rt→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-rt
  • linux-nvidia-tegra-rt-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-nvidia-tegra-rt-5.15
  • linux-tools-5.15.0-1058-nvidia-tegra→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-5.15.0-1058-nvidia-tegra
  • linux-tools-5.15.0-1058-nvidia-tegra-rt→ fixed in5.15.0-1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-5.15.0-1058-nvidia-tegra-rt
  • linux-tools-nvidia-tegra→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-nvidia-tegra
  • linux-tools-nvidia-tegra-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-nvidia-tegra-5.15
  • linux-tools-nvidia-tegra-rt→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-nvidia-tegra-rt
  • linux-tools-nvidia-tegra-rt-5.15→ fixed in5.15.0.1058.58~20.04.1USN-8255-3
    sudo apt-get install --only-upgrade -y linux-tools-nvidia-tegra-rt-5.15

Ubuntu jammy

Source: Ubuntu USN

  • linux-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-raspi
  • linux-buildinfo-5.15.0-1100-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-buildinfo-5.15.0-1100-raspi
  • linux-headers-5.15.0-1100-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-5.15.0-1100-raspi
  • linux-headers-raspi→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-raspi
  • linux-headers-raspi-5.15→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-raspi-5.15
  • linux-headers-raspi-nolpae→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-headers-raspi-nolpae
  • linux-image-5.15.0-1100-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-5.15.0-1100-raspi
  • linux-image-raspi→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-raspi
  • linux-image-raspi-5.15→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-raspi-5.15
  • linux-image-raspi-nolpae→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-image-raspi-nolpae
  • linux-modules-5.15.0-1100-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-5.15.0-1100-raspi
  • linux-modules-extra-5.15.0-1100-raspi→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-extra-5.15.0-1100-raspi
  • linux-modules-extra-raspi→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-extra-raspi
  • linux-modules-extra-raspi-5.15→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-extra-raspi-5.15
  • linux-modules-extra-raspi-nolpae→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-modules-extra-raspi-nolpae
  • linux-raspi→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-raspi
  • linux-raspi-5.15→ fixed in5.15.0.1100.98USN-8255-3
    sudo apt-get install --only-upgrade -y linux-raspi-5.15
  • linux-raspi-headers-5.15.0-1100→ fixed in5.15.0-1100.103USN-8255-3
    sudo apt-get install --only-upgrade -y linux-raspi-headers-5.15.0-1100
Are YOU affected by CVE-2023-2640?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan View on NVD
Continuous monitoring beats manual checking

CVE-2023-2640dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. From $9/mo, 14-day free trial, cancel anytime.

See StackPatch (from $9/mo)