Over 40% Ubuntu Systems Impacted by Severe Vulnerability; Check If You’re Affected


Security Researchers S. Tzadik and S. Tamari at Wiz have uncovered two new privilege escalation vulnerabilities, codenamed “GameOver(Lay)”, in the Filesystem OverlayFS, impacting 40% of Ubuntu users worldwide. Below are the details of these vulnerabilities and steps to determine if your Ubuntu system is vulnerable.

Severe Linux Vulnerability Impacts Ubuntu Systems

CVE-2023-2640 is a high-severity vulnerability (CVSS v3 score: 7.8) affecting Ubuntu kernels above version 5.15.0. It allows any unprivileged user to set privileged extended attributes on mounted files and file systems, granting them higher system privileges.

CVE-2023-32629, a medium-severity vulnerability (CVSS v3 score: 5.4), affects Linux kernel version 5.4.0. It stems from a race condition in the kernel’s memory management subsystem when accessing the VMA (virtual memory area), leading to arbitrary code execution.

These vulnerabilities trace back to 2018, when Ubuntu introduced changes to its OverlayFS module. The changes faced serious objection from the Linux kernel project, particularly regarding the setting of extended attributes that define user permissions. Consequently, when the upstream kernel released a fix for the vulnerability in 2020, that fix did not carry over to Ubuntu’s modified module.

“Subtle Linux kernel changes by Ubuntu years ago have unforeseen implications,” stated Ami Luttwak, Wiz chief technical officer and co-founder. “We found two privilege escalation vulnerabilities caused by these changes, with potential for numerous others lurking in the shadows of the Linux kernel spaghetti.”

“Fortunately, while these vulnerabilities are exploitable, they require local user access, limiting the attack surface,” noted Mike Parkin, senior technical engineer at Vulcan Cyber. “Remote exploitation seems highly unlikely. Ubuntu has released patches to address the issue; deployments using the affected OverlayFS module should promptly update their kernel,” Parkin advised.

Vulnerable Versions of Ubuntu

Wiz reports the following affected Ubuntu versions:

Release                              Kernel Version  CVE-2023-2640  CVE-2023-32629
Ubuntu 23.04 (Lunar Lobster)         6.2.0           Yes            Yes
Ubuntu 22.10 (Kinetic Kudu)          5.19.0          Yes            Yes
Ubuntu 22.04 LTS (Jammy Jellyfish)   5.19.0          Yes            Yes
Ubuntu 22.04 LTS (Jammy Jellyfish)   6.2.0           Yes            Yes
Ubuntu 22.04 LTS (Jammy Jellyfish)   5.15.0          No             No
Ubuntu 20.04 LTS (Focal Fossa)       5.15.0          No             No
Ubuntu 20.04 LTS (Focal Fossa)       5.4.0           No             Yes
Ubuntu 18.04 LTS (Bionic Beaver)     5.4.0           No             Yes

Checking System Vulnerability

To determine if your Ubuntu system is vulnerable, follow these steps:

1. Check your Ubuntu version:

cat /etc/os-release

2. Verify the kernel version:

uname -r
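The two commands above still leave you to compare the output against the table by hand. The script below, an added example that is not part of the original article or of Wiz’s research, does that comparison for you: it maps the VERSION_ID from /etc/os-release and the base kernel version from uname -r onto the rows of the table above and reports the status for each CVE. The table rows are taken from the article; the kernel suffixes used in the comments (for example -26-generic) are constructed sample values, and any combination not in the table is reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example (not from the article): classify an Ubuntu release + kernel
# against the GameOver(Lay) table above. Only the rows printed in the article
# are encoded; anything else is reported as "unknown".

# gameoverlay_status <VERSION_ID> <uname -r output>
# Prints "CVE-2023-2640=<yes|no> CVE-2023-32629=<yes|no>" or "unknown".
gameoverlay_status() {
    ver="$1"
    # Keep only the base version: a constructed "6.2.0-26-generic" becomes "6.2.0".
    kern=$(printf '%s' "$2" | cut -d- -f1)
    case "$ver:$kern" in
        23.04:6.2.0|22.10:5.19.0|22.04:5.19.0|22.04:6.2.0)
            echo "CVE-2023-2640=yes CVE-2023-32629=yes" ;;
        22.04:5.15.0|20.04:5.15.0)
            echo "CVE-2023-2640=no CVE-2023-32629=no" ;;
        20.04:5.4.0|18.04:5.4.0)
            echo "CVE-2023-2640=no CVE-2023-32629=yes" ;;
        *)
            echo "unknown" ;;
    esac
}

# os_field <KEY>: read one KEY=value line from /etc/os-release, quotes stripped.
os_field() {
    sed -n "s/^$1=//p" /etc/os-release | tr -d '"'
}

# Live check of this host; skipped when /etc/os-release is absent so the
# function above can still be sourced and used on any system.
if [ -r /etc/os-release ]; then
    if [ "$(os_field ID)" = "ubuntu" ]; then
        rel=$(os_field VERSION_ID)
        echo "Ubuntu $rel, kernel $(uname -r): $(gameoverlay_status "$rel" "$(uname -r)")"
    else
        echo "Not an Ubuntu host ($(os_field ID)); the table above does not apply"
    fi
fi
```

A result of "unknown" means the release and kernel pair is not one the article lists, not that the host is safe; for those hosts, rely on the vendor advisory and on applying the kernel update described in the next section.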

Solving Linux Vulnerabilities in Ubuntu

Canonical has released an update to address eight recent vulnerabilities. To apply the fix and update to kernel version 6.2.0, follow these steps:

1. Update and upgrade your Ubuntu system:

sudo apt update && sudo apt upgrade

2. Reboot your computer to implement the changes:

sudo shutdown -r now