The new Ubuntu privileges elevation vulnerabilities: what is it and what does it mean

July 27, 2023: the Wiz research company published a report that revealed two new vulnerabilities – CVE-2023-2640 and CVE-2023-32629 – found recently in the Ubuntu operating system. Of course, the report was only made public after Ubuntu had released a patch that fixes the new vulnerabilities, as is commonly accepted in the world of technology. The vulnerabilities were in fact discovered way back on June 23, and then reported to Ubuntu first.

New Ubuntu privileges escalation vulnerability

What are the CVE-2023-2640 and CVE-2023-32629 vulnerabilities?

CVE-2023-2640 and CVE-2023-32629 are the newly discovered Ubuntu vulnerabilities caused by one of Linux modules, the OverlayFS, and its faulty check of privileges that might result in unprivileged users of the system getting escalated rights. Getting elevated rights would mean that an attacker could get access to execution of various commands or code, which might sabotage the work of business processes on that machine, cause data leaks, etc.

How serious is the threat of the new Ubuntu vulnerabilities?

OverlayFS is a component introduced even in the ‘parent’ Linux and is basically one of the essentials. It’s a union mount module, an overlay to enable mounting of several file systems at the same time, which helps to combine multiple directories into one to contain their combined contents. You guessed it – it is used quite widely in virtualization environments, CD-ROMS, etc.

According to the researchers’ estimation, nearly 40% of all Ubuntu workloads are susceptible to the new vulnerability. Ubuntu is among the most popular Linux distributives, owing to its user-friendly interface and management system, as well as the largest community. There are approximately 40,000,000 of Ubuntu-powered devices in world. By the way, Ubuntu was one of the Linux distros that our video surveillance software Xeoma was introduced for. To this day Ubuntu versions are on our ‘officially supported’ list.

Is it just the Ubuntu?

Yes. Actually, OverlayFS had been introduced by and used in ‘parent’ Linux and, consequently, its forks, and many of them do modify the module. However, it is the changes that Ubuntu community applied to OverlayFS in 2018 that later got in conflict with Linux’s official patches, which resulted in this security breach eventually. So this specific issue is only pertinent to Ubuntu so far.

Is my computer at risk, too?

If your computer is running Ubuntu 18.04, 20.04, 22.04, 22.10, 23.04 – yes. Luckily, however, the Wiz researchers claim that the vulnerability is only possible locally, and a remote attack is improbable. However, you are advised to take action in restoring security of your system in either of two ways described below.

What am I to do to protect my Ubuntu computer?

Understandably, the new Ubuntu vulnerability report was issued only after Ubuntu had released a patch to fix the security breach. So all Ubuntu users are advised to look for the USN-6250-1 notice at ubuntu.com, where they can find the patch note and the fix package along with instructions.

Alternatively, a system administrator can limit access to OverlayFS to only root users, so that ant adversarial attempts to abuse the module fail.

It is to be considered that virtually any operating system can have vulnerabilities, so there is no guarantee that another operating system will not find itself in Ubuntu’s place in a while. So there is no point in abandoning your favorite Ubuntu now, especially since the latest vulnerability has been fixed before it became widely known of.

How will the CVE-2023-2640 and CVE-2023-32629 Ubuntu vulnerabilities affect Xeoma video surveillance?

There is no direct dependency between Ubuntu CVE-2023-2640 / CVE-2023-32629 vulnerabilities and Xeoma video surveillance. Surely, the security restoration efforts are still advised for Ubuntu-powered video surveillance systems: after all, if the server machine gets messed with, that might affect all processes and services running there – including Xeoma. Better be safe than sorry!

—

We hope that this article answers your questions about the new OverlayFS-in-Ubuntu vulnerability issue.
Stay in touch with what’s important in the world of security and technology – with Xeoma video surveillance! Xeoma is there to help protect what’s important.

July 28, 2023