
Over 40% of Ubuntu systems at risk: check for a severe vulnerability


GameOver(lay) vulnerability: new privilege escalation vulnerabilities affect Ubuntu systems

Security researchers Sagi Tzadik and Shir Tamari of Wiz recently discovered two new privilege escalation vulnerabilities in Ubuntu's OverlayFS filesystem module, codenamed GameOver(lay). These vulnerabilities affect a large number of Ubuntu users worldwide, roughly 40% of all Ubuntu users. This article gives details about the two vulnerabilities and explains how to check whether your Ubuntu system is vulnerable.

Severe Linux vulnerability affects Ubuntu systems

The first vulnerability, tracked as CVE-2023-2640, is rated high severity with a CVSS v3 score of 7.8. It affects Ubuntu kernels newer than the 5.15.0 series (the 5.19.0 and 6.2.0 kernels in the table below). It allows an unprivileged local user to set privileged extended attributes (xattrs) on files in an OverlayFS mount; the attributes are then written to the underlying files without the usual security checks, which grants the user elevated privileges on the system.

The second vulnerability, tracked as CVE-2023-32629, is rated medium severity with a CVSS v3 score of 5.4. It affects Ubuntu's 5.4.0-series kernels as well as the 5.19.0 and 6.2.0 series (see the table below). It is also a local privilege escalation in Ubuntu's OverlayFS: during the copy-up of a file's metadata (ovl_copy_up_meta_inode_data) the kernel calls ovl_do_setxattr without performing the permission checks, so an unprivileged user can again end up with privileged extended attributes on files they control.

These vulnerabilities can be traced to modifications Ubuntu made to its OverlayFS module in 2018. Those modifications were met with objections from the Linux kernel project, particularly with regard to setting extended attributes that define user permissions. Although the upstream Linux kernel shipped a fix for this issue in 2020, that change was not carried over into Ubuntu's modified module.

Ami Luttwak, Chief Technology Officer and co-founder of Wiz, stated: "Subtle changes in the Linux kernel introduced by Ubuntu many years ago have unexpected implications. We found two privilege escalation vulnerabilities caused by these changes, and who knows how many other vulnerabilities lurk in the spaghetti shadow of the Linux kernel anyway?"

According to Mike Parkin, senior technical engineer at Vulcan Cyber, "Fortunately, while these vulnerabilities are easy to exploit, they require local user access, which should limit the attack surface. Ubuntu has released patches to address the issue and distributions using the affected OverlayFS module should update their kernel as soon as possible."

Which Ubuntu versions are vulnerable

Wiz's analysis indicates that the following Ubuntu releases and kernel series are affected. The kernel series listed are the unpatched ones: a patched kernel keeps the same series (only the ABI number after the dash changes), so the table tells you which kernels need checking, not whether a given installation has already been updated.

Release                              Kernel series   CVE-2023-2640    CVE-2023-32629
Ubuntu 23.04 (Lunar Lobster)         6.2.0           Vulnerable       Vulnerable
Ubuntu 22.10 (Kinetic Kudu)          5.19.0          Vulnerable       Vulnerable
Ubuntu 22.04 LTS (Jammy Jellyfish)   5.19.0          Vulnerable       Vulnerable
Ubuntu 22.04 LTS (Jammy Jellyfish)   6.2.0           Vulnerable       Vulnerable
Ubuntu 22.04 LTS (Jammy Jellyfish)   5.15.0          Not vulnerable   Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa)       5.15.0          Not vulnerable   Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa)       5.4.0           Not vulnerable   Vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)     5.4.0           Not vulnerable   Vulnerable

Check whether your system is vulnerable

To find out whether your Ubuntu version is vulnerable, follow these steps:

  1. Open a terminal and identify the Ubuntu release by running:
cat /etc/os-release
  2. Check the running kernel version by running:
uname -r

Compare the kernel series (the part before the first dash, for example 5.15.0 in 5.15.0-78-generic) with the table above.
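The two manual steps above, turned into a script as an added example (this is not code from the article or from Wiz). It reads /etc/os-release and `uname -r`, looks the kernel series up in the affected-version table, and, when the series is listed as affected or is unknown, prints the installed kernel package version so it can be compared with the Ubuntu Security Notice. Assumptions: the table above is complete and describes unpatched kernels, so a "vulnerable" verdict means "verify the package version", not "definitely exploitable"; `dpkg-query` is used only if present, and the `sudo apt update && sudo apt full-upgrade` advice is the generic Ubuntu update path, not a step from the article.

```shell
#!/bin/sh
# Added example, not from the article or Wiz: automate the two checks above
# and map the result onto the affected-version table.
# Assumption: the table describes unpatched kernel series; a patched kernel
# keeps the same series, so "vulnerable" here means "check the package
# version against the Ubuntu Security Notice".

# kernel_series RELEASE: strip the ABI/flavour suffix,
# e.g. "6.2.0-26-generic" -> "6.2.0".
kernel_series() {
    printf '%s\n' "$1" | cut -d- -f1
}

# gameoverlay_status RELEASE: print "<CVE-2023-2640> <CVE-2023-32629>",
# each being vulnerable, not-vulnerable, or unknown (series not in table).
gameoverlay_status() {
    case "$(kernel_series "$1")" in
        6.2.0|5.19.0) echo "vulnerable vulnerable" ;;
        5.15.0)       echo "not-vulnerable not-vulnerable" ;;
        5.4.0)        echo "not-vulnerable vulnerable" ;;
        *)            echo "unknown unknown" ;;
    esac
}

# needs_attention RELEASE: succeed (0) unless the table says the series is
# unaffected by both CVEs; an unknown series is treated as needing a look.
needs_attention() {
    case "$(gameoverlay_status "$1")" in
        "not-vulnerable not-vulnerable") return 1 ;;
        *) return 0 ;;
    esac
}

main() {
    rel=$(uname -r)

    # Step 1 from the article: identify the Ubuntu release.
    if [ -r /etc/os-release ]; then
        # shellcheck disable=SC1091
        . /etc/os-release
        echo "Release : ${PRETTY_NAME:-unknown} (ID=${ID:-?}, VERSION_ID=${VERSION_ID:-?})"
    else
        echo "Release : /etc/os-release not readable; is this Ubuntu?"
    fi

    # Step 2 from the article: identify the running kernel.
    echo "Kernel  : $rel (series $(kernel_series "$rel"))"

    set -- $(gameoverlay_status "$rel")
    echo "CVE-2023-2640  : $1"
    echo "CVE-2023-32629 : $2"

    if needs_attention "$rel"; then
        # The package version, not the series, is what the Ubuntu Security
        # Notice lists as fixed, so print it for comparison (assumed path:
        # the running kernel was installed as linux-image-<uname -r>).
        if command -v dpkg-query >/dev/null 2>&1; then
            pkg="linux-image-$rel"
            ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null \
                  || echo "not installed via dpkg")
            echo "Package : $pkg $ver"
        fi
        echo "Action  : compare the package version with the Ubuntu Security"
        echo "          Notice for these CVEs; if it is older, run"
        echo "          'sudo apt update && sudo apt full-upgrade' and reboot."
    else
        echo "Action  : this kernel series is not listed as affected."
    fi
}

main
```

Because the verdict is keyed on the kernel series alone, the script deliberately errs on the side of "check the package": after the fix is installed the series in `uname -r` does not change, and a system that has been updated but not rebooted is still running the old kernel, which is why the running release rather than the newest installed package is examined.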

Repair Linux vulnerability in Ubuntu


For more information, refer to the following link