According to the latest discovery by security researchers S. Tzadik and S. Tamari at Wiz, two new privilege escalation vulnerabilities in the popular OverlayFS filesystem, codenamed “GameOver(Lay),” affect a whopping 40% of Ubuntu users across the globe. Check out the details of both vulnerabilities, along with the steps to check whether your Ubuntu system is vulnerable.
Severe Linux Vulnerability Impacts Ubuntu Systems
CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability affecting Ubuntu kernels above version 5.15.0. This vulnerability allows any unprivileged user to set privileged extended attributes on mounted files/file systems, allowing them to gain higher privileges over the system.
CVE-2023-32629 is a medium-severity (CVSS v3 score: 5.4) vulnerability affecting all Linux kernels with version 5.4.0. This is a local privilege escalation that exploits the kernel’s memory management subsystem through a race condition when accessing the VMA, which leads to arbitrary code execution.
These vulnerabilities can be traced back to 2018, when Ubuntu introduced some changes to its own version of the OverlayFS module. These changes faced serious objections from the “Linux Kernel Project,” specifically over the setting of extended attributes, which define user permissions. Consequently, when Linux released a fix for the vulnerability in 2020, the fix didn’t carry over to Ubuntu’s modified module.
“Subtle changes in the Linux kernel introduced by Ubuntu many years ago have unforeseen implications,” said Ami Luttwak, Wiz chief technical officer and co-founder. “We found two privilege escalation vulnerabilities caused by these changes and who knows how many other vulnerabilities are still lurking in the shadows of the Linux kernel spaghetti?”
“Fortunately, while these vulnerabilities would be easy to exploit, they require local user access, which should limit the attack surface,” said Mike Parkin, senior technical engineer at Vulcan Cyber. “Remote exploitation seems very unlikely. Ubuntu has released patches to address the issue, and deployments that utilize the affected OverlayFS module should update their kernel as soon as is practical,” Parkin added.
Which Versions of Ubuntu are Vulnerable
According to Wiz, the following versions of Ubuntu are affected:

| Release | Kernel Version | CVE-2023-2640 | CVE-2023-32629 |
|---|---|---|---|
| Ubuntu 23.04 (Lunar Lobster) | 6.2.0 | Yes | Yes |
| Ubuntu 22.10 (Kinetic Kudu) | 5.19.0 | Yes | Yes |
| Ubuntu 22.04 LTS (Jammy Jellyfish) | 5.19.0 | Yes | Yes |
| Ubuntu 22.04 LTS (Jammy Jellyfish) | 6.2.0 | Yes | Yes |
| Ubuntu 22.04 LTS (Jammy Jellyfish) | 5.15.0 | No | No |
| Ubuntu 20.04 LTS (Focal Fossa) | 5.15.0 | No | No |
| Ubuntu 20.04 LTS (Focal Fossa) | 5.4.0 | No | Yes |
| Ubuntu 18.04 LTS (Bionic Beaver) | 5.4.0 | No | Yes |
How to Check if Your System is Vulnerable or Not?
Use the following steps to check if your Ubuntu version is vulnerable or not.
1. Use this command to check the Ubuntu version installed on your system:
cat /etc/os-release
2. Now check for the kernel version number:
uname -r
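The two steps above can be combined into one check against the table of affected versions. The script below is an added example, not code from the article, Wiz or Canonical; the function names are hypothetical, and it assumes the table above is complete for the release/kernel pairs it lists.

```shell
#!/bin/sh
# Added example (not from the article, Wiz or Canonical): automates steps 1-2
# and looks the result up in the article's table.

# kernel_series "6.2.0-26-generic" -> "6.2.0" (the form the table uses)
kernel_series() { printf '%s\n' "${1%%-*}"; }

# gameoverlay_status VERSION_ID KERNEL_RELEASE
# Prints "<CVE-2023-2640> <CVE-2023-32629>" as listed in the table, or
# "unlisted" when the release/kernel pair does not appear in it.
gameoverlay_status() {
    case "$1:$(kernel_series "$2")" in
        23.04:6.2.0|22.10:5.19.0|22.04:5.19.0|22.04:6.2.0) echo "Yes Yes" ;;
        22.04:5.15.0|20.04:5.15.0) echo "No No" ;;
        20.04:5.4.0|18.04:5.4.0) echo "No Yes" ;;
        *) echo "unlisted" ;;
    esac
}

# overlay_registered FILE: succeeds if a /proc/filesystems-style FILE lists
# overlay, i.e. OverlayFS is built in or its module is currently loaded.
overlay_registered() { grep -qw overlay "$1" 2>/dev/null; }

check_host() {
    [ -r /etc/os-release ] || { echo "cannot read /etc/os-release"; return 0; }
    # Source in a subshell so os-release variables do not leak into this one.
    id_ver=$( . /etc/os-release; printf '%s %s' "${ID:-}" "${VERSION_ID:-}" )
    os_id=${id_ver%% *}; os_ver=${id_ver#* }; kernel=$(uname -r)
    if [ "$os_id" != "ubuntu" ]; then
        echo "ID=$os_id is not Ubuntu; the table does not apply"; return 0
    fi
    # A "Yes" means the pair is in the table, not that this build is unpatched:
    # fixed builds keep the same series number.
    echo "Ubuntu $os_ver, kernel $kernel: $(gameoverlay_status "$os_ver" "$kernel")"
    if overlay_registered /proc/filesystems; then
        echo "OverlayFS is registered with the running kernel"
    fi
    # Ubuntu's package hooks create this flag when a reboot is still needed.
    if [ -e /var/run/reboot-required ]; then
        echo "reboot pending: an updated kernel may be installed but not running"
    fi
}

check_host
```

The output is two words in table column order: the first is the CVE-2023-2640 status and the second is the CVE-2023-32629 status.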
How to Solve the Linux Vulnerability in Ubuntu
Fortunately, Canonical has released a new update as a fix for eight recent vulnerabilities. Follow these steps to update the system to the new kernel version 6.2.0:
1. First update and upgrade your Ubuntu system using the following command:
sudo apt update && sudo apt upgrade
2. After a standard system update, you need to reboot your computer to apply the necessary changes.
sudo shutdown -r now