40% of Ubuntu Linux Cloud Workloads Vulnerable to “GameOver(lay)” Exploits

Security researchers have identified two high-severity vulnerabilities, known as “GameOver(lay),” in the OverlayFS module of Ubuntu Linux [1] [2] [3] [4] [5] [6]. Designated CVE-2023-2640 and CVE-2023-32629 [1] [2] [5] [6], they allow attackers to execute code with root privileges on approximately 40% of Ubuntu Linux cloud workloads [5] [6]. Exploits for these vulnerabilities are already publicly available [4] [6].

Description

The vulnerabilities in the OverlayFS module were discovered as a result of conflicts between changes made by Ubuntu in 2018 and modifications made by the Linux kernel project in 2019 and 2022. Ubuntu has released a security update to address these flaws [5] [6]. By exploiting these vulnerabilities, a local attacker can bypass permission checks and elevate privileges on the system [4] [6]. Although the affected versions of the kernel differ slightly, they create similar exploitable scenarios [6]. Attackers can create executables that grant root-like privileges [6].

The presence of these vulnerabilities highlights the challenges of maintaining an open-source operating system like Linux, which has become an attractive target for threat actors in cloud environments [6]. To mitigate the risks [5] [6], it is crucial to promptly patch affected workloads and restrict OverlayFS to root users only [6]. Additionally, administrators should prioritize keeping software up to date [6], limiting Internet exposure [5] [6], and enforcing strict permissions [5] [6].
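
One way to audit the restriction described above, as an added example that is not from the article or its sources: the function reports whether unprivileged users on an Ubuntu host can still create user namespaces, the usual route by which a non-root user mounts OverlayFS. It assumes the restriction is applied through Ubuntu's `kernel.unprivileged_userns_clone` sysctl, which the article does not name; `overlay_exposure` and its status strings are hypothetical names, and patch status must still be checked against Ubuntu's security update.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit whether OverlayFS is effectively
# limited to root on an Ubuntu host.
# Assumption: the restriction is the Ubuntu/Debian sysctl
# kernel.unprivileged_userns_clone (0 = only root may create user namespaces).

# overlay_exposure [ROOT]
# ROOT is an optional path prefix (mounted image or constructed test tree);
# leave it empty to inspect the live host.
# Prints: not-ubuntu | unknown | unrestricted | restricted-runtime-only | restricted
overlay_exposure() {
    local root="${1:-}"
    local runtime="$root/proc/sys/kernel/unprivileged_userns_clone"
    local value f

    # The article scopes both CVEs to Ubuntu's OverlayFS module.
    if ! grep -Eqx 'ID="?ubuntu"?' "$root/etc/os-release" 2>/dev/null; then
        echo "not-ubuntu"; return 0
    fi

    # Without the sysctl file the state of the restriction cannot be read.
    if [ ! -r "$runtime" ]; then
        echo "unknown"; return 0
    fi

    value="$(tr -d '[:space:]' < "$runtime")"
    if [ "$value" != "0" ]; then
        echo "unrestricted"; return 0
    fi

    # A runtime-only value is lost at reboot, so look for a persistent entry
    # in /etc/sysctl.conf or /etc/sysctl.d/*.conf.
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$f"; then
            echo "restricted"; return 0
        fi
    done
    echo "restricted-runtime-only"
}
```

A result of `restricted-runtime-only` means the setting is active now but has no persistent entry in the checked files and will revert at the next reboot.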

Conclusion

The discovery of these vulnerabilities in Ubuntu Linux’s OverlayFS module has significant implications for security. Immediate action is necessary to patch affected workloads and implement necessary restrictions. This incident serves as a reminder of the ongoing need to address security concerns in open-source operating systems, particularly in cloud environments [5] [6]. By staying vigilant and taking proactive measures, organizations can mitigate risks and protect their systems from potential attacks.

References

[1] https://www.infosecurity-magazine.com/news/40-ubuntu-cloud-workloads/
[2] https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html
[3] https://www.borncity.com/blog/2023/07/28/ubuntu-privilege-escalation-schwachstellen-cve-2023-2640-und-cve-2023-32629/
[4] https://www.techradar.com/pro/nearly-half-of-ubuntu-users-could-be-vulnerable-to-these-security-flaws
[5] https://nsaneforums.com/news/software-news/ubuntu-linux-cloud-workloads-face-rampant-root-take-takeovers-r17387/
[6] https://www.darkreading.com/cloud/ubuntu-linux-cloud-workloads-face-rampant-root-takeovers