In recent cybersecurity news, a privilege escalation vulnerability has been discovered in Ubuntu systems, specifically within the OverlayFS module. OverlayFS, a widely used Linux filesystem, is particularly popular in container deployment due to its ability to facilitate dynamic filesystems in relation to pre-built images.
However, it appears that vulnerable versions of the Ubuntu Operating system have become the default systems provided by the majority of Cloud Security Providers (CSPs). This vulnerability, identified as CVE-2023-23629, exists due to the ovl_copy_up_meta_inode_data module bypassing permission checks when calling the ovl_do_setxattr on Ubuntu kernels. The severity of this vulnerability is high, with a CVSS Score of 7.8.
Another vulnerability, CVE-2023-2640, is also present in the UBUNTU: SAUCE: overlays. This flaw allows an attacker without privileges to exploit the system by setting privileged extended attributes on the mounted files and applying them to the upper files without the necessary checks. This vulnerability also carries a high CVSS Score of 7.8.
Interestingly, a conflict has arisen between a patch released by Ubuntu in 2018 and updates made by the Linux Kernel Project in 2019 and 2022. The OverlayFS module, accessible by non-privileged users via user namespaces, is a prime target for local privilege escalation. While Ubuntu patched these vulnerabilities in 2018, new updates from the Linux Kernel Project in 2019 and 2022 have resulted in several modifications to the OverlayFS module, causing a conflict between the previous patches and the latest update.
Exploits for these vulnerabilities are already publicly available, putting users of Ubuntu versions before 23.04 at risk. It is strongly recommended that these users upgrade to the latest version to prevent these vulnerabilities from being exploited.
In response to these findings, Ubuntu has released a security notice that patches several vulnerabilities and credited the researchers for their work. As always, it is crucial for users to stay up-to-date with the latest cybersecurity news to ensure their systems remain secure.
Stay tuned for more updates on this and other cybersecurity issues.
