Two high-severity security vulnerabilities have been revealed in the Ubuntu kernel. These flaws, dubbed as GameOver(lay) and traced as CVE-2023-2640 and CVE-2023-32629 with a CVSS score of 7.8, are found in a module known as OverlayFS. The vulnerabilities stem from inadequate permissions checks in certain circumstances that could let a local user gain elevated privileges.
Here’s what you need to know:
What are CVE 2023-2640 & CVE-2023-32629?
CVE-2023-2640 involves certain Ubuntu kernels that allow an unprivileged user to set privileged extended attributes on mounted files without proper security checks.
The second flaw, CVE-2023-32629, is a local privilege escalation vulnerability that skips permission checks when performing certain operations on Ubuntu kernels.
In essence, the GameOver(lay) vulnerabilities enable the crafting of an executable file with scoped file capabilities, tricking the Ubuntu Kernel into copying it to a different location with unscoped capabilities. This grants anyone executing it root-like privileges.
Do they affect me?
These vulnerabilities are likely to impact around 40% of Ubuntu users, according to a report by cloud security firm Wiz. If you are part of this demographic or use Ubuntu versions that are commonly found in the cloud—acting as the default operating system for multiple cloud service providers—you may be at risk.
Have they been actively exploited in the wild?
The report does not specify if these vulnerabilities have been actively exploited in the wild.
How to fix CVE 2023-2640 & CVE-2023-32629
As per responsible disclosure, Ubuntu has addressed these vulnerabilities as of July 24, 2023. Therefore, users are recommended to update their systems to the latest Ubuntu version to ensure they are protected against these security flaws. The detection of these vulnerabilities highlights the unforeseen implications of subtle changes in the Linux kernel introduced by Ubuntu.
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: