Over 40% Ubuntu Systems Impacted by Severe Vulnerability; Check If You’re Affected

featured image for GameOver(lay) vulnerability

As per the latest discovery by Security Researchers S. Tzadik and S. Tamari at Wiz, two new privilege escalation vulnerabilities, codenamed “GameOver(Lay)” in the popular Filesystem OverlayFS, affect a whopping 40% Ubuntu users across the globe. Check out the details for both of these vulnerabilities, along with the steps to check if your Ubuntu system is vulnerable or not.

Severe Linux Vulnerability Impacts Ubuntu Systems

CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability affecting Ubuntu Kernels above version 5.15.0. This vulnerability allows any underprivileged user to set privileged extended attributes on the mounted files/ file systems, allowing them to gain higher privileges over the system.

CVE-2023-32629 is a medium-severity (CVSS v3 score: 5.4) vulnerability affecting all Linux Kernels with version 5.4.0. This is a local privilege escalation that exploits the kernel’s memory management subsystem with a race condition accessing the VMA, which leads to arbitrary code execution.

These vulnerabilities can be traced back to 2018 when Ubuntu introduced some changes to its own version of the OverlayFS module. These changes faced some serious objection from the “Linux Kernel Project,” specifically, the setting of extended attributes, which define user permissions. Consequently, when Linux released a fix for the vulnerability in 2020, the changes didn’t carry over to the modification.

“Subtle changes in the Linux kernel introduced by Ubuntu many years ago have unforeseen implications,” said Ami Luttwak, Wiz chief technical officer and co-founder. “We found two privilege escalation vulnerabilities caused by these changes and who knows how many other vulnerabilities are still lurking in the shadows of the Linux kernel spaghetti?”

“Fortunately, while these vulnerabilities would be easy to exploit, they require local user access, which should limit the attack surface”, said Mike Parkin, senior technical engineer at Vulcan Cyber. “Remote exploitation seems very unlikely. Ubuntu has released patches to address the issue, and deployments that utilize the affected OverlayFS module should update their kernel as soon as is practical,” Parkin added.

Which Versions of Ubuntu are Vulnerable

According to Wiz, the following versions of Ubuntu have been compromised:

ReleaseKernel VersionCVE-2023-2640CVE-2023-32629
Ubuntu 23.04 (Lunar Lobster)6.2.0YesYes
Ubuntu 22.10 (Kinetic Kudu)5.19.0YesYes
Ubuntu 22.04 LTS (Jammy Jellyfish)5.19.0YesYes
Ubuntu 22.04 LTS (Jammy Jellyfish)6.2.0YesYes
Ubuntu 22.04 LTS (Jammy Jellyfish)5.15.0NoNo
Ubuntu 20.04 LTS (Focal Fossa)5.15.0NoNo
Ubuntu 20.04 LTS (Focal Fossa)5.4.0NoYes
Ubuntu 18.04 LTS (Bionic Beaver)5.4.0NoYes

How to Check if Your System is Vulnerable or Not?

Use the following steps to check if your Ubuntu version is vulnerable or not.

1. Use this command to check the Ubuntu version installed on your system:

cat /etc/os-release

2. Now check for the kernel version number:

uname -r

How to Solve the Linux Vulnerability in Ubuntu

Fortunately, Canonical has released a new update as a fix for eight recent vulnerabilities. Follow these steps to update the system to the new kernel version 6.2.0:

1. First update and upgrade your Ubuntu system using the following command:

sudo apt update && apt upgrade

2. After a standard system update, you need to reboot your computer to apply the necessary changes.

sudo shutdown -r now
#Tags
Comments 1
Leave a Reply

Loading comments...