Nearly 40% of Ubuntu Users Vulnerable to New Privilege Escalation Flaws
1 - 2 min read
Aug 03, 2023
Two new Linux kernel privilege escalation flaws have been discovered in the OverlayFS module in Ubuntu, which affect nearly 40% of Ubuntu users (CVE-2023-2640 and CVE-2023-32629). Modifications to the OverlayFS module introduced by the Linux kernel project in 2019 and 2022 conflicted with Ubuntu’s earlier changes, and Ubuntu's adoption of the new code introduced these two vulnerabilities.
The researchers who discovered these vulnerabilities have stated, “Both vulnerabilities are unique to Ubuntu kernels since they stemmed from Ubuntu’s individual changes to the OverlayFS module. Weaponized exploits for these vulnerabilities are already publicly available given old exploits for past OverlayFS vulnerabilities work out of the box without any changes.”
These issues can allow an unprivileged local user to gain elevated privileges on impacted systems.
Important updates for the kernel that mitigate these severe vulnerabilities are now available for Ubuntu users. We strongly recommend that all impacted users apply these updates immediately to protect against privilege escalation attacks leading to system compromise.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).
Related Articles
1 - 0 min read
Ubuntu Tool Could Trick Users Into Installing Rogue Packages
1 - 0 min read
Fake F5 BIG-IP Zero-Day Warning Emails Push Data Wipers
1 - 0 min read
Joomla XSS Bug Puts Millions of Websites at Risk of RCE
1 - 0 min read
Debian and Ubuntu Fix More OpenSSH Vulnerabilities
