Official forum for Utopia Community
You are not logged in.
Two critical security flaws that could allow for local privilege escalation attacks have been found by cybersecurity researchers in the Ubuntu kernel.
According to a report provided to The Hacker News by cloud security company Wiz, 40% of Ubuntu users may be affected by the easily exploitable flaws.
Security researchers Sagi Tzadik and Shir Tamari claimed that affected Ubuntu versions are widely used in the cloud because many [cloud service providers] use them as their default operating systems.
The flaws, dubbed GameOver(lay) and tracked as CVE-2023-32629 and 2023-2640 (CVSS scores: 7.8), exist in a module called OverlayFS and result from insufficient permissions checks in some circumstances, allowing a local attacker to obtain elevated privileges.
An overlay filesystem is a type of union mount file system that enables the fusion of different directory trees or file systems into a single, integrated filesystem.
The two flaws are succinctly described below -.
On Ubuntu kernels with the bugfixes "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted" and c914c0e27eb0.
overlayfs.
* xattrs," a non-privileged user has the ability to set privileged extended attributes on mounted files, causing them to be set on upper files without the necessary security checks.
CVE-2023-32629 - Local privilege escalation vulnerability in Ubuntu kernels when calling overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr.
In essence, GameOver(lay) enables the creation of executable files with scoped file capabilities and deceives the Ubuntu Kernel into copying them to different locations.
anyone who executes it will have root-like privileges due to its unscoped capabilities. ".
As of July 24, 2023, Ubuntu has patched the vulnerabilities as a result of responsible disclosure.
According to Wiz CTO and co-founder Ami Luttwak, the findings highlight the possibility that Ubuntu's subtle modifications to the Linux kernel may have unintended consequences.
According to the researchers, "Both vulnerabilities are unique to Ubuntu kernels since they were caused by Ubuntu's specific changes to the OverlayFS module." They added that the problems are similar to other flaws like CVE-2016-1576, CVE-2021-3493, CVE-2021-3847, and CVE-2023-0386.
Offline