Ubuntu is Plagued With a RCE Bug, Patch Available

Researchers at Wiz Security discovered two flaws in Ubuntu’s OverlayFS module, which, if exploited, can let hackers gain elevated privileges and perform arbitrary code execution.

This puts over 40% of all Ubuntu users at risk of exploitation, and they should patch immediately to protect themselves. Ubuntu says the latest update also addresses six more vulnerabilities and is urging users to update. People who don’t know how to update the third-party kernel modules can try doing so through the package manager.

Targeting Ubuntu Kernel Modules

Ubuntu is the most famous of all Linux distributions, with over 100 million users worldwide, 40% in the US! Though it’s big enough to have its own team, some of the critical elements of the OS are still procured from the core Linux, putting Ubuntu indirectly at risk.

The same happened this week, with researchers at Wiz Security claiming over 40% of Ubuntu users are at risk of exploitation due to the following bugs:

  • CVE-2023-2640 (CVSS score: 7.8): a vulnerability in the Ubuntu Linux kernel caused by inadequate permission checks, allowing a local attacker to gain elevated privileges.
  • CVE-2023-32629 (CVSS score: 5.4): a vulnerability in the Linux kernel memory management subsystem, where a race condition when accessing VMAs may lead to use-after-free, allowing a local attacker to perform arbitrary code execution.

Both bugs are present in the OverlayFS module of the Linux kernel, which Ubuntu adopts. This resulted in an indirect threat to Ubuntu, considering that PoCs for these two flaws have been publicly available for quite some time.

Thus, researchers are urging users to patch the flaws as soon as possible, while assuring that they affect only Ubuntu. Other Linux distributions, including Ubuntu forks and those not based on custom OverlayFS modules, are safe.

Alongside the above-mentioned flaws, Ubuntu’s latest update also patches six more vulnerabilities in the Ubuntu Linux kernel. People who don’t know how to reinstall and activate third-party kernel modules can try updating via the package manager, which is a more direct approach.
