Shulou(Shulou.com)11/24 Report--

CTOnews.com July 27 News, Wiz research expert S. Tzadik and S. Tamari recently discovered two security vulnerabilities in Ubuntu, which can increase local permissions and affect an estimated 40% of Ubuntu users.

CTOnews.com summarizes two vulnerabilities according to the content of the blog post as follows:

Tracking Number: CVE-2023-2640 This vulnerability is a high-risk security vulnerability with a CVSS v3 score of 7.8 (out of 10, the higher the score, the more dangerous).

The vulnerability exists in the Ubuntu Linux kernel and allows local attackers to escalate privileges by exploiting insufficient privilege checking.

Tracking Number CVE-2023-32629 This vulnerability is moderately severe with a CVSS v3 score of 5.4. The vulnerability also exists in the kernel and race conditions when accessing VMA could lead to use-after-release, allowing a native attacker to execute arbitrary code.

The two analysts identified the two escalation vulnerabilities after comparing differences in the OverlayFS module on the Linux kernel.

OverlayFS is a federated mount file system implementation, and Ubuntu, as one of the distributions that uses OverlayFS, made custom changes to its OverlayFS module in 2018, which are usually safe.

However, the Linux kernel team tweaked the module in 2019 and 2022, respectively, resulting in incompatibility with Ubuntu versions.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.