The popular Linux distro Ubuntu is facing security concerns as Wiz researchers unearth two critical vulnerabilities within its kernel. The bugs, potentially impacting up to 40% of Ubuntu users, allow unprivileged local users to escalate their privileges.
Unexpected flaws in the Ubuntu overlayFS module
Both vulnerabilities, identified as CVE-2023-2640 and CVE-2023-32629, reside within Ubuntu’s OverlayFS module, a crucial component used for deploying dynamic filesystems. Ubuntu users, especially those in the cloud domain, are at risk since the flawed versions are the default operating systems for several Cloud Service Providers (CSPs).
Alterations made by Ubuntu to the OverlayFS module in 2018 conflict with modifications brought in by the Linux kernel project in 2019 and 2022, creating these unique vulnerabilities.
Ubuntu kernel flaws: A serious risk to users
The first flaw, CVE-2023-2640, comes with a CVSS v3 score of 7.8. It allows unprivileged users to set privileged extended attributes on mounted files without the necessary security checks. This loophole could potentially allow a local attacker to gain increased privileges.
Meanwhile, the second vulnerability, CVE-2023-32629, with a CVSS v3 score of 5.4, is a local privilege escalation issue that skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
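As an added example (not code from this article, Wiz or Ubuntu), the following Python audits a directory tree for files carrying `security.capability`, one privileged extended attribute of the kind described above, and decodes which capabilities each value grants. The choice of that attribute, the high-risk capability list and the `SAMPLE` value are assumptions of this example.

```python
import os
import struct

# Revision magics of the kernel's vfs_cap_data layout (linux/capability.h).
REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 3}
# Capability bits treated as high risk; the selection is this example's own choice.
RISKY = {1: "cap_dac_override", 6: "cap_setgid", 7: "cap_setuid", 21: "cap_sys_admin"}
# Constructed sample value: revision 2, effective flag set, cap_setuid permitted.
SAMPLE = struct.pack("<IIIII", 0x02000001, 1 << 7, 0, 0, 0)


def parse_vfs_caps(raw):
    """Decode a raw security.capability value into its fields."""
    magic = int.from_bytes(raw[:4], "little")
    rev = REVISIONS.get(magic & 0xFF000000)
    if rev is None:
        raise ValueError("unknown revision or truncated value")
    words = 1 if rev == 1 else 2  # 32-bit permitted/inheritable pairs
    if len(raw) != 4 + 8 * words + (4 if rev == 3 else 0):
        raise ValueError("length does not match revision")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * words)[0] if rev == 3 else None
    return {"revision": rev, "effective": bool(magic & 0x1),  # VFS_CAP_FLAGS_EFFECTIVE
            "permitted": permitted, "inheritable": inheritable, "rootid": rootid}


def risky_caps(parsed):
    """Names of the high-risk capabilities present in the permitted set."""
    return sorted(n for bit, n in RISKY.items() if parsed["permitted"] >> bit & 1)


def audit_tree(root):
    """Return (path, findings) for every file under root carrying security.capability."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
                findings.append((path, risky_caps(parse_vfs_caps(raw))))
            except OSError:
                continue  # attribute absent or filesystem without xattr support
            except ValueError as exc:
                findings.append((path, [f"malformed: {exc}"]))
    return findings
```

Run `audit_tree` over user-writable locations such as home directories and temporary paths, and review any hit that is not a known, packaged binary.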
Ubuntu taking actions against the vulnerabilities
Ubuntu has since acknowledged these vulnerabilities and published a security advisory detailing the resolution of eight flaws, including these two, in the latest version of the distro's Linux kernel.
Worryingly, weaponized exploits for these vulnerabilities are already publicly available, given that exploits for past OverlayFS vulnerabilities work against them without any changes, raising the urgency for user updates.