Researchers have discovered that two vulnerabilities in the Ubuntu Linux kernel pave the way for unprivileged local users to gain elevated privileges on a massive number of devices.
The first vulnerability, tracked as CVE-2023-2640 with a CVSS score of 7.8, resides in the Ubuntu Linux kernel and is caused by inadequate permission checks that allow a local attacker to gain elevated privileges.
The second vulnerability, tracked as CVE-2023-32629 with a CVSS score of 5.4, resides in the Linux kernel memory management subsystem, where a race condition when accessing VMAs may lead to a use-after-free, allowing a local attacker to perform arbitrary code execution.
These vulnerabilities were identified after the implementation of OverlayFS, a union mount filesystem implementation that threat actors have targeted many times in the past because it allows unprivileged access via user namespaces and has been plagued by easily exploitable bugs.
The OverlayFS module in 2018 was safe, but in 2019 and 2022 the Linux kernel project made its own modifications to the module, which conflicted with Ubuntu’s changes.
The risk of exploitation is imminent, as PoCs for the two flaws have been publicly available for a long time.
These flaws only impact Ubuntu; any other Linux distribution, including Ubuntu forks, that does not use custom modifications of the OverlayFS module should be safe.
Ubuntu has released a security advisory about the issues in the latest version of the Ubuntu Linux kernel and has made updates that fix them available.
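For fleet triage, the two preconditions named above (an Ubuntu kernel, and unprivileged access via user namespaces) can be checked per host. The script below is an added example, not code from the advisory or from the researchers. The result labels and the `TRIAGE_ROOT` variable are this example's own, and it does not compare kernel versions because the article does not list the fixed ones.

```shell
#!/bin/sh
# Added triage example (not from the article). Reads the live host, or a
# copied/fixture tree when a ROOT prefix is given.

# Print the unquoted value of KEY from an os-release style FILE.
os_release_field() {   # usage: os_release_field FILE KEY
    sed -n "s/^$2=//p" "$1" 2>/dev/null | head -n 1 | tr -d "\"'"
}

# Print "disabled" when unprivileged user namespaces are switched off.
userns_state() {       # usage: userns_state ROOT
    clone="$1/proc/sys/kernel/unprivileged_userns_clone"  # Debian/Ubuntu kernels
    max="$1/proc/sys/user/max_user_namespaces"            # upstream per-user limit
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then echo disabled; return; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then echo disabled; return; fi
    echo enabled
}

# Classify a host. Labels are hypothetical names chosen for this example.
triage() {             # usage: triage [ROOT]
    root=${1:-}
    id=$(os_release_field "$root/etc/os-release" ID)
    like=$(os_release_field "$root/etc/os-release" ID_LIKE)
    if [ "$id" != "ubuntu" ]; then
        case " $like " in
            # Forks are only affected if they carry Ubuntu's OverlayFS changes.
            *" ubuntu "*) echo "derivative-check-kernel-origin" ;;
            *)            echo "not-ubuntu" ;;
        esac
        return
    fi
    if [ "$(userns_state "$root")" = "disabled" ]; then
        echo "ubuntu-userns-disabled"
    else
        # Preconditions met: compare the running kernel with the advisory.
        echo "ubuntu-check-advisory"
    fi
}

triage "${TRIAGE_ROOT:-}"
```

A result of `ubuntu-check-advisory` means only that the preconditions hold; whether the host is fixed depends on the kernel package versions in Ubuntu's advisory.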
This research was documented by researchers from Wiz.