Two high-priority vulnerabilities have been found within the OverlayFS module of Ubuntu Linux, impacting roughly 40% of Ubuntu cloud workloads.
According to security experts at Wiz Research, the vulnerabilities, designated CVE-2023-2640 and CVE-2023-32629, were found in the widely used Linux filesystem OverlayFS, which gained popularity with the widespread adoption of container technology because of its ability to deploy dynamic filesystems based on pre-built images.
The vulnerabilities allow attackers to escalate privileges to root on affected systems. OverlayFS presents an attractive attack surface because of its history of logical vulnerabilities that were easily exploitable. Of particular concern is that exploits written for earlier OverlayFS vulnerabilities can be used against these newly discovered flaws without modification.
“These vulnerabilities are the result of numerous separate change incidents that occurred over the span of years,” warned John A. Smith, CEO at Conversant Group.
“Consequently, there are proof of concept (POC) hacks publicly available for them—meaning, they pose a high risk of exploitation and should be patched immediately.”
The issues are specific to Ubuntu Linux because the distribution introduced changes to the OverlayFS module in 2018, which initially did not pose any risks. However, subsequent security patches in the Linux kernel did not fully account for Ubuntu’s modifications, leading to additional vulnerable flows that persisted unnoticed until now.
“Subtle changes in the Linux kernel introduced by Ubuntu many years ago have unforeseen implications,” explained Wiz CTO and co-founder, Ami Luttwak.
“We found two privilege escalation vulnerabilities caused by these changes, and who knows how many other vulnerabilities are still lurking in the shadows of the Linux kernel spaghetti?”
Ubuntu has responded promptly to the discovery and released fixed versions for impacted kernels. Users are urged to update their kernels to the latest versions to mitigate the risk. Additionally, a workaround is available for users who cannot immediately update their systems: restricting user namespace usage to users with limited privileges can help prevent potential exploitation.
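The following shell audit is an added example, not part of the original article or of Ubuntu's guidance: it checks whether the user-namespace workaround is active now and whether it will survive a reboot. It assumes the workaround is applied through the Ubuntu/Debian sysctl `kernel.unprivileged_userns_clone`; the function names and the file list passed in are illustrative.

```shell
#!/bin/sh
# Audit the user-namespace workaround: runtime value plus persisted setting.
# Assumption: the Ubuntu/Debian sysctl kernel.unprivileged_userns_clone is
# the control in use (0 = unprivileged users cannot create user namespaces).
KEY='kernel.unprivileged_userns_clone'

# Print the runtime state read from a procfs file. The path is a parameter
# so the function can also be run against a constructed file.
runtime_state() {
    f=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo restricted ;;
        1) echo unrestricted ;;
        *) echo unknown ;;
    esac
}

# Print the last value assigned to KEY across the given sysctl config files,
# in the order given (later assignments win); prints "unset" if none is found.
persisted_value() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*$KEY[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# Combine both checks into a single verdict line.
audit_userns() {
    proc_file=$1; shift
    rt=$(runtime_state "$proc_file")
    pv=$(persisted_value "$@")
    if [ "$rt" = restricted ] && [ "$pv" = 0 ]; then
        echo "OK: restricted now and after reboot"
    elif [ "$rt" = restricted ]; then
        echo "WARN: restricted now, but not persisted (value: $pv)"
    else
        echo "FAIL: runtime state is $rt (persisted value: $pv)"
    fi
}

# Live check on this host; this file order only approximates how
# sysctl configuration is loaded at boot.
audit_userns /proc/sys/kernel/unprivileged_userns_clone \
    /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A `WARN` result means the setting was changed at runtime only and will revert at the next boot unless it is also written to a sysctl configuration file.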
“The vulnerabilities shown here do highlight how the relationships between Linux kernel development and individual distributions adding their own special tweaks can have unforeseen consequences,” said Mike Parkin, senior technical engineer at Vulcan Cyber.
“Fortunately, while these vulnerabilities could be easy to exploit, they require local user access, which should limit the attack surface. Remote exploitation seems most unlikely.”
The responsible disclosure process began in June 2023 when Wiz Research reported the vulnerabilities to Ubuntu. The Linux distribution confirmed the issues and worked on addressing them, leading to the release of patches by the end of July 2023.
Editorial image credit: sdx15 / Shutterstock.com