Ubuntu vulnerability affects 40% of users

Two researchers report the presence in the Ubuntu kernel of serious security issues that could allow elevation of privileges on the local system. The vulnerabilities in question concern exclusively this Linux distribution but are considered rather worrying, since they affect about 40% of users of the Canonical platform.

Discovered by Wiz Research, the vulnerabilities CVE-2023-32629 and CVE-2023-2640 stem from the flawed implementation of the OverlayFS module in Ubuntu.

What is OverlayFS and what is it for

OverlayFS is used to combine two or more directories into a single virtual view. In other words, it is a mechanism that works at the file system level and lets you create a hierarchy of files and directories that merges the contents of those directories into a single virtual file system.

The primary use of OverlayFS is creating images and isolated containers, as is the case with containerization technologies such as Docker. With OverlayFS, you can create a read-only file system containing the operating system image and a writable file system that only tracks changes as they occur. In this way, the changes applied do not alter the image of the operating system and, for example, each container can benefit from an isolated "view" of the file system, separate from the main installation.

OverlayFS has been included in the Linux kernel since version 3.18 and is a core part of containerization technologies and container-oriented Linux distributions.
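
To see where OverlayFS is in use on a host, the sketch below lists each overlay mount with its read-only lower layers and its writable upper layer, as described above. It is an added example, not code from Wiz Research or Canonical; the function names and the sample mount table are constructed for illustration, and paths containing commas or spaces are assumed not to occur.

```shell
#!/bin/sh
# Added example: inventory OverlayFS mounts from a mount table in
# /proc/mounts format (device mountpoint fstype options dump pass).

# overlay_layers [FILE]
# Reads FILE (or standard input when no file is given) and prints one
# line per overlay mount: mountpoint|number of lower layers|upperdir
# A mount without an upperdir has no writable layer; it is shown as "-".
overlay_layers() {
    awk '
    $3 == "overlay" {
        upper = "-"; lowers = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^lowerdir=/) {
                # lowerdir: one or more read-only layers, colon-separated
                lowers = split(substr(opt[i], 10), parts, ":")
            } else if (opt[i] ~ /^upperdir=/) {
                # upperdir: the single writable layer that records changes
                upper = substr(opt[i], 10)
            }
        }
        printf "%s|%d|%s\n", $2, lowers, upper
    }' "$@"
}

# Constructed sample mount table (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
overlay /var/lib/docker/overlay2/aaa/merged overlay rw,relatime,lowerdir=/l/base:/l/app,upperdir=/u/aaa/diff,workdir=/u/aaa/work 0 0
overlay /mnt/ro overlay ro,relatime,lowerdir=/l/one:/l/two:/l/three 0 0
tmpfs /run tmpfs rw,nosuid 0 0
EOF
}

# Demo on the constructed sample; on a real host run: overlay_layers /proc/mounts
sample_mounts | overlay_layers
```
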

Why the two Ubuntu vulnerabilities are dangerous

Precisely because it interacts with the file system at a low level, OverlayFS has suffered repeated attacks in the past. In fact, easily exploitable bugs allow access to various areas of the system using accounts without particular privileges.

The developers of the Ubuntu project made some changes to the OverlayFS module between 2019 and 2022, altering the default behavior of the Linux kernel. It is precisely this kind of activity that unfortunately led to the introduction of the two vulnerabilities mentioned at the beginning.

The exploit code already available for the security bugs identified in Ubuntu is immediately functional and, due to the almost universal presence of OverlayFS, researchers estimate that the problem affects 40% of users of the distribution maintained by Canonical.

The solution is evidently to install the most up-to-date version of Ubuntu as soon as possible. More information is available in the Canonical bulletin, but a simple sudo apt update && sudo apt upgrade -y allows you to protect your system from any risk.
