Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

xplynx

Members
  • Joined

  • Last visited

  1. Hi Unraid team, I'd like to raise a security concern affecting the latest Unraid 7.1.4 release (2025-06-18). ⚠️ Vulnerability ContextUnraid systems (including 7.1.4) run Linux kernel 6.12.24-Unraid, which is still vulnerable to CVE-2023-0386 — a known local privilege escalation flaw in the OverlayFS filesystem. This CVE is now: Actively exploited in the wild (confirmed by CISA) Patched in Linux 6.2-rc6+ Not mentioned or backported in 7.1.4’s changelog ✅ How Unraid Is AffectedUnraid uses OverlayFS by default. Here is a Proof-of-Vulnerability script: #!/bin/bash echo "=== OverlayFS Vulnerability Checker ===" # 1. Show kernel version echo -e "\n[+] Kernel version:" uname -r # 2. Check if OverlayFS is supported echo -e "\n[+] OverlayFS support in kernel:" cat /proc/filesystems | grep overlay && echo "OverlayFS is supported" || echo "OverlayFS NOT supported" # 3. Check if OverlayFS is mounted echo -e "\n[+] OverlayFS active mounts:" mount | grep overlay # 4. Show detailed mountinfo (proves upperdir/workdir are present) echo -e "\n[+] Detailed OverlayFS mountinfo:" cat /proc/self/mountinfo | grep overlay # 5. Optional: check if module is loaded (informational only) echo -e "\n[+] Kernel module status (optional):" lsmod | grep overlay || echo "OverlayFS not a module or not listed in lsmod (could be built-in)" echo -e "\n[!] If OverlayFS is mounted AND kernel version < 6.2 => System is vulnerable to CVE-2023-0386 unless patched.\n"Result: === OverlayFS Vulnerability Checker === [+] Kernel version: 6.12.24-Unraid [+] OverlayFS support in kernel: nodev overlay OverlayFS is supported [+] OverlayFS active mounts: overlay on /usr type overlay (rw,relatime,lowerdir=/usr,upperdir=/var/local/overlay/usr,workdir=/var/local/overlay-work/usr,uuid=on) overlay on /lib type overlay (rw,relatime,lowerdir=/lib,upperdir=/var/local/overlay/lib,workdir=/var/local/overlay-work/lib,uuid=on) [+] Detailed OverlayFS mountinfo: 30 27 0:24 / /usr rw,relatime - overlay overlay rw,lowerdir=/usr,upperdir=/var/local/overlay/usr,workdir=/var/local/overlay-work/usr,uuid=on 34 31 0:27 / /lib rw,relatime - overlay overlay rw,lowerdir=/lib,upperdir=/var/local/overlay/lib,workdir=/var/local/overlay-work/lib,uuid=on [+] Kernel module status (optional): OverlayFS not a module or not listed in lsmod (could be built-in) [!] If OverlayFS is mounted AND kernel version < 6.2 => System is vulnerable to CVE-2023-0386 unless patched.This satisfies all CVE-2023-0386 exploit preconditions: A malicious plugin or Docker container with basic file write access could escalate to root It's a silent, local risk — no SUID or setcap needed 🧪 Confirmed:Kernel: uname -r → 6.12.24-Unraid OverlayFS in use: confirmed on /usr, /lib No security fixes listed in 7.1.4 release notes 🔐 Suggested ActionsBackport the OverlayFS fix from Linux 6.2-rc6 or later into 6.12.24-Unraid Clearly document any CVE-related patching in future changelogs Optionally provide a temporary advisory on unraid.net and encourage minimal plugin/container exposure for security-conscious users 📦 Supplemental AuditI’ve written a lightweight script that checks for: New or modified SUID binaries Suspicious Linux capabilities SHA256 hash changes to binaries under /usr, /lib, /etc #!/bin/bash # OverlayFS security audit script with SUID, capabilities, and SHA256 change detection LOGFILE="/var/log/overlayfs_audit.log" SUID_DB="/var/local/overlayfs_suid_baseline.txt" CAP_DB="/var/local/overlayfs_caps_baseline.txt" HASH_DB="/var/local/overlayfs_hashes_baseline.txt" TMP_DIR="/tmp/overlayfs_audit_tmp" # Directories to scan (expanded list) SCAN_DIRS=("/usr" "/lib" "/etc" "/opt" "/bin") mkdir -p "$TMP_DIR" echo "=== OverlayFS Security Audit @ $(date) ===" >> "$LOGFILE" # 1. Scan for new SUID files echo "[*] Scanning for SUID binaries..." | tee -a "$LOGFILE" find "${SCAN_DIRS[@]}" -xdev -perm -4000 -type f 2>/dev/null | sort > "$TMP_DIR/current_suid.txt" if [ -f "$SUID_DB" ]; then echo "[*] Comparing with SUID baseline..." | tee -a "$LOGFILE" comm -13 "$SUID_DB" "$TMP_DIR/current_suid.txt" >> "$LOGFILE" else echo "[!] No SUID baseline found. Creating new one." | tee -a "$LOGFILE" cp "$TMP_DIR/current_suid.txt" "$SUID_DB" fi # 2. Scan for files with capabilities echo "[*] Scanning for files with Linux capabilities..." | tee -a "$LOGFILE" getcap -r "${SCAN_DIRS[@]}" 2>/dev/null | sort > "$TMP_DIR/current_caps.txt" if [ -f "$CAP_DB" ]; then echo "[*] Comparing capabilities with baseline..." | tee -a "$LOGFILE" comm -13 "$CAP_DB" "$TMP_DIR/current_caps.txt" >> "$LOGFILE" else echo "[!] No capabilities baseline found. Creating new one." | tee -a "$LOGFILE" cp "$TMP_DIR/current_caps.txt" "$CAP_DB" fi # 3. SHA256 hash monitoring for tracked directories echo "[*] Generating SHA256 file hashes..." | tee -a "$LOGFILE" find "${SCAN_DIRS[@]}" -xdev -type f -exec sha256sum {} + 2>/dev/null | sort > "$TMP_DIR/current_hashes.txt" if [ -f "$HASH_DB" ]; then echo "[*] Comparing hashes with baseline..." | tee -a "$LOGFILE" diff -u "$HASH_DB" "$TMP_DIR/current_hashes.txt" | grep -E '^\+|^-' | grep -vE '^\+\+\+|^---' >> "$LOGFILE" else echo "[!] No hash baseline found. Creating new one." | tee -a "$LOGFILE" cp "$TMP_DIR/current_hashes.txt" "$HASH_DB" fi # Cleanup rm -rf "$TMP_DIR" echo "=== Audit complete ===" >> "$LOGFILE" echo "Results saved to $LOGFILE"Thanks for your hard work — Unraid is an amazing platform. Just wanted to raise this now that exploit activity is increasing and many users may not be aware this risk applies to home servers too. If the Unraid dev team would like more info, feel free to reach out to me via LinkedIn or the Unraid forum — happy to help however I can.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.