Two vulnerabilities in the Linux operating system Ubuntu have been found by researchers. Both of these vulnerabilities have the ability to offer attackers elevated privileges.There have been indications that a vulnerability that allows for an increase in privilege may be detected in the OverlayFS module of Ubuntu operating systems.
A Linux filesystem known as OverlayFS has seen significant adoption in the container industry. OverlayFS makes it possible to deploy dynamic filesystems while maintaining compatibility with pre-built images.
CVE-2023-23629
When invoking the ovl_do_setxattr function on Ubuntu kernels, the ovl_copy_up_meta_inode_data module has the potential to bypass permission checks. This vulnerability occurs as a result. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.
CVE-2023-2640
There is a flaw in Ubuntu known as SAUCE: overlayfs bypass permission checks for trusted that leads to this vulnerability.overlayfs. * xattrs. * xattrs.
This vulnerability may be exploited by an attacker who does not have rights by establishing privileged extended attributes on the mounted files and then setting them on the other files without necessary checks being performed. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.
The Ubuntu Patch from 2018 is in Conflict with the Linux Kernel Project from 2019 and 2022.
Since the OverlayFS module may be used by non-privileged users via user namespaces, it is a perfect candidate for local privilege escalation. In 2018, Ubuntu released patches that addressed these security flaws.
Despite this, researchers working for Wix discovered that the Linux Kernel Project released many new versions in the years 2019 and 2022.
There was a problem between the older patches and the most recent version as a direct consequence of the changes that were made to the OverlayFS module.
These exploits are already accessible to the public in their exploitable forms. It is strongly advised that anyone using Ubuntu versions earlier than 23.04 update to the most recent release in order to prevent these vulnerabilities from being exploited. On the other hand, the majority of cloud security providers (CSPs) have been using insecure versions of the Ubuntu Operating System as their default system.
Researchers believe that around forty percent of computers running Ubuntu might have been affected by the issue, making the anticipated scope a large one. According to Canonical, the business that is responsible for Ubuntu and also operates for profit, the desktop version of the software was installed more than 20 million times in 2017. Ubuntu has issued a security alert that addresses many vulnerabilities and gives credit to the researchers who discovered them.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.