Two Privilege Escalation Vulnerabilities Discovered in Linux Ubuntu, Impacting 40% of Users

July 27, 2023

Wiz Research has detected two significant privilege escalation vulnerabilities, labelled as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module of the Linux distribution Ubuntu. The researchers estimate that these flaws impact approximately 40% of Ubuntu users. It's noteworthy that the affected Ubuntu versions are widely used in the cloud as they are the default operating systems for many CSPs.

OverlayFS is a widely used Linux filesystem that enables the deployment of dynamic filesystems based on pre-existing images. Ubuntu introduced a number of changes to the OverlayFS module in 2018. However, the researchers from Wiz noted that the modifications made to the module by the Linux kernel project in 2019 and 2022 conflicted with the changes made by Ubuntu earlier. When Ubuntu adopted the new code, it inadvertently introduced the vulnerabilities CVE-2023-32629 (from 2019) and CVE-2023-2640 (from 2022) into its operating system.

The Wiz advisory stated, “Both vulnerabilities are unique to Ubuntu kernels since they stemmed from Ubuntu’s individual changes to the OverlayFS module. Weaponized exploits for these vulnerabilities are already publicly available given old exploits for past OverlayFS vulnerabilities work out of the box without any changes.”

The vulnerability CVE-2023-2640, which has a CVSS v3 score of 7.8, is located in the Ubuntu Linux kernel. It can enable an unprivileged user to set privileged extended attributes on mounted files, causing them to be set on the upper files without the necessary security checks. This could potentially allow a local attacker to gain elevated privileges.

The second vulnerability, CVE-2023-32629, with a CVSS v3 score of 5.4, is a local privilege escalation issue that exists in the kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels.

Ubuntu has issued a security advisory addressing eight vulnerabilities, including the two mentioned above, which have been rectified with the release of the latest version of the Linux kernel.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.