40% of Ubuntu cloud workloads are affected by two easy-to-exploit privilege escalation vulnerabilities. Ubuntu is one of the most widely used Linux distributions; it is based on Debian and composed mostly of free and open-source software. It has an approximate user base of over 40 million. The two flaws, CVE-2023-2640 and CVE-2023-32629, were found in the OverlayFS module. OverlayFS is a widely used Linux filesystem that became highly popular with the rise of containers. It is also an attractive attack surface, with a history of numerous logical vulnerabilities that were easy to exploit. The vulnerabilities only affect Ubuntu systems, due to the custom changes that Ubuntu made to the OverlayFS module. The risk of exploitation is considered imminent, as PoCs and weaponised exploits for the two flaws have been publicly available for a long time. Ubuntu fixed the vulnerabilities on July 24th 2023, and all users should update their kernels to the latest version.
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
https://ubuntu.com/security/notices/USN-6250-1
https://ubuntu.com/security/CVE-2023-2640
https://ubuntu.com/security/CVE-2023-32629
https://www.bleepingcomputer.com/news/security/almost-40-percent-of-ubuntu-users-vulnerable-to-new-privilege-elevation-flaws/
This segment was created for the It’s 5:05 podcast