Multiple vulnerabilities in Ubuntu Linux kernel could be exploited by attackers
The Ubuntu Linux kernel has multiple vulnerabilities that could be exploited by attackers [6] [8]. These vulnerabilities include an out-of-bounds read vulnerability in the NTFS file system implementation [6], a local privilege escalation vulnerability in the OverlayFS module [3], a vulnerability in the IP-VLAN network driver, vulnerabilities in the netfilter subsystem [6], a vulnerability in the Ricoh R5C592 MemoryStick card reader driver, and a race condition vulnerability in the io_uring subsystem.
Description
The out-of-bounds read vulnerability in the NTFS file system implementation allows a local attacker to access sensitive information [6]. The OverlayFS module vulnerability, known as GameOver(lay) and tracked as CVE-2023-2640 and CVE-2023-32629, enables local privilege escalation attacks due to inadequate permissions checks, allowing a local attacker to gain elevated privileges [1] [6] [7] [8]. Exploits for previous OverlayFS bugs work without any changes [3], making these vulnerabilities easy to exploit [5]. The IP-VLAN network driver vulnerability could lead to a denial of service or arbitrary code execution [6] [8]. The netfilter subsystem has multiple vulnerabilities [6] [8], including a use-after-free vulnerability and an out-of-bounds write vulnerability [6], which could result in system crashes or arbitrary code execution [6]. The Ricoh R5C592 MemoryStick card reader driver vulnerability could cause a denial of service or arbitrary code execution [6]. The io_uring subsystem has a race condition vulnerability that could lead to a use-after-free vulnerability [6]. These vulnerabilities in the Ubuntu implementation of the OverlayFS module allow attackers to execute code with root privileges on 40% of Ubuntu Linux cloud workloads [4]. It is important to note that these vulnerabilities can be exploited using the same publicly available exploit as prior OverlayFS vulnerabilities [2]. The affected Ubuntu versions are commonly used in cloud environments as the default option [5]. Ubuntu has released official security bulletins for the vulnerabilities and has already fixed them as of July 24, 2023. Users are advised to update their kernels to the latest version to mitigate the risks. As a precautionary measure, security teams should either patch their workloads or restrict OverlayFS to root users only [2]. These vulnerabilities highlight the risks of modifying complex open-source projects [3]. It is worth mentioning that the vulnerabilities require local user access, limiting the attack surface [3], and remote exploitation is unlikely [3]. These vulnerabilities are unique to Ubuntu kernels and are comparable to other known vulnerabilities [7].
Conclusion
The local privilege escalation vulnerability in Ubuntu Kernels overlayfs has been addressed by the Ubuntu security team. Users are advised to update their kernels to the latest version to mitigate the risks. Security teams should consider patching their workloads or restricting OverlayFS to root users only [2]. These vulnerabilities highlight the importance of maintaining the security of complex open-source projects. While the vulnerabilities require local user access [3], remote exploitation is unlikely [3]. It is crucial to stay vigilant and keep systems up to date to protect against potential attacks.
References
[1] https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html
[2] https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
[3] https://www.scmagazine.com/news/two-privilege-escalation-flaws-affect-40-of-ubuntu-workloads-in-overlayfs
[4] https://www.darkreading.com/cloud/ubuntu-linux-cloud-workloads-face-rampant-root-takeovers
[5] https://www.cypro.se/2023/07/27/gameoverlay-two-severe-linux-vulnerabilities-impact-40-of-ubuntu-users/
[6] https://ubuntu.com/security/notices/USN-6260-1
[7] https://vulners.com/thn/THN:ECEFDD287DBDC6A3A8801E06EC08A66A
[8] https://ubuntu.com/security/notices/USN-6251-1