40% of Ubuntu users are at risk of new privilege escalation vulnerability

Researchers at Wiz have discovered that two Linux vulnerabilities recently introduced into the Ubuntu kernel could allow unprivileged local users to elevate their privileges on a large number of devices. The two vulnerabilities, tracked as CVE-2023-32629 and CVE-2023-2640, are estimated to affect about 40% of Ubuntu users.

Reportedly, CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability in the Ubuntu Linux kernel caused by insufficient permission checking, which allows local attackers to obtain elevated permissions. CVE-2023-32629 is a medium-severity (CVSS v3 score: 5.4) vulnerability in the Linux kernel memory management subsystem: a race condition when accessing the VMA could lead to a use-after-free, allowing a local attacker to perform arbitrary code execution.


The researchers found the problems in how the OverlayFS module is implemented in the Linux kernel. OverlayFS, a union mount filesystem implementation, has been targeted by threat actors several times in the past because it allows unprivileged access through user namespaces and has been plagued by bugs that are easy to exploit.

Ubuntu, one of the distributions using OverlayFS, made custom changes to its OverlayFS module in 2018, and these modifications did not pose any risk at the time. In 2019 and 2022, however, the Linux kernel project made its own changes to the module, causing conflicts with Ubuntu's earlier changes.

The code containing these changes has been widely adopted in recent releases, and the conflict introduced the two vulnerabilities.

"Both of these vulnerabilities are specific to the Ubuntu kernel, as they stem from separate changes Ubuntu made to the OverlayFS module. Given that older exploits for past OverlayFS vulnerabilities can be exploited out of the box without any changes, weaponized exploits targeting these vulnerabilities are publicly available."

It's worth noting that these vulnerabilities only affect Ubuntu. Any other Linux distribution, including Ubuntu forks, that does not use custom modifications to the OverlayFS module should be safe.

Ubuntu has released a security bulletin covering these issues and six additional vulnerabilities addressed in the latest version of the Ubuntu Linux kernel, along with updates containing the fixes. Users who do not know how to reinstall and activate third-party kernel modules are advised to perform updates through their package managers. A reboot is required after installing a Linux kernel update for it to take effect on Ubuntu.
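Because the fix only takes effect after a reboot, a host can have the updated kernel installed and still be running the old one. The following script is an added example, not part of the original article, that flags this state by comparing `uname -r` with the installed kernel images. It assumes the standard `/boot/vmlinuz-<release>` naming and does not know which release carries the fix, so it only confirms that the newest installed kernel is the one running.

```shell
#!/bin/sh
# Added example (not from the original article): is the newest installed
# kernel the one that is actually running?

# Print the highest version among newline-separated versions on stdin.
newest_version() {
    sort -V | tail -n 1
}

# reboot_pending RUNNING INSTALLED
#   RUNNING:   kernel release as printed by `uname -r`
#   INSTALLED: newline-separated releases of installed kernel images
# Returns 0 when a newer kernel than RUNNING is installed but not booted.
reboot_pending() {
    running=$1
    newest=$(printf '%s\n' "$2" | newest_version)
    if [ -z "$newest" ] || [ "$running" = "$newest" ]; then
        return 1
    fi
    # Pending only if the newest installed release sorts after the running one.
    top=$(printf '%s\n%s\n' "$running" "$newest" | newest_version)
    [ "$top" = "$newest" ]
}

# List installed kernel releases from /boot/vmlinuz-<release>
# (assumption: the standard Ubuntu kernel image naming).
installed_kernels() {
    for image in /boot/vmlinuz-*; do
        if [ -e "$image" ]; then
            printf '%s\n' "${image#/boot/vmlinuz-}"
        fi
    done
    return 0
}

# Report for the local host; prints one status line.
report_host() {
    running=$(uname -r)
    if reboot_pending "$running" "$(installed_kernels)"; then
        echo "REBOOT PENDING: running $running, newer kernel installed"
    else
        echo "OK: no newer kernel than $running is installed"
    fi
}

report_host
```

Version comparison relies on `sort -V`, so hosts that mix kernel flavours (for example `-generic` and a cloud flavour) should be checked per flavour.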

 


Origin blog.csdn.net/llawliet0001/article/details/132185267