How to Fix GameOver(lay) - Two Local Privilege Escalation Vulnerabilities in Ubuntu Linux Kernel?

Sagi Tzadik and Shir Tamari from Wiz disclosed two easy-to-exploit local privilege escalation vulnerabilities in the OverlayFS module of the Ubuntu Linux kernel. These two vulnerabilities, assigned the identifiers CVE-2023-2640 and CVE-2023-32629, could be more severe than they appear, as no configuration changes are needed to exploit them. These issues are unique, although they look similar to the two-year-old OverlayFS vulnerability (CVE-2021-3493). Let’s dive deep into the issue and understand how these vulnerabilities are unique, although they share the same functionality in terms of exploitation.

Before going into the technical details, it’s good to know about OverlayFS, which has existed since 2009 as part of the Linux kernel.

 
