{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-054.pdf"
    },
    "title": "Privilege Escalation Vulnerabilities in Ubuntu",
    "serial_number": "2023-054",
    "publish_date": "31-07-2023 07:54:55",
    "description": "On the 24th of July, 2023, Ubuntu issued a fix for two local privilege escalation vulnerabilities, CVE-2023-2640 and CVE-2023-32629, that were discovered in the OverlayFS module of its Linux kernel.<br>\n",
    "url_title": "2023-054",
    "content_markdown": "---\ntitle: 'Privilege Escalation Vulnerabilities in Ubuntu'\nversion: '1.0'\nnumber: '2023-054'\noriginal_date: 'July 24, 2023'\ndate: 'July 31, 2023'\n---\n\n_History:_\n\n* _31/07/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 24th of July, 2023, Ubuntu issued a fix for two local privilege escalation vulnerabilities, **CVE-2023-2640** and **CVE-2023-32629**, that were discovered in the OverlayFS module of its Linux kernel [1].\n\n# Technical Details\n\nThe two vulnerabilities are exclusive to Ubuntu because of the changes Ubuntu introduced in the OverlayFS module in 2018. These modifications did not pose any risks initially. However, after a security vulnerability in the Linux kernel was discovered and fixed in 2020, they left an unpatched vulnerable flow in Ubuntu [1].\n\n**CVE-2023-2640** is caused by an improper permission check and has a CVSS score of 7.8 out of 10.\n\n**CVE-2023-32629** is caused by an improper permission check and has a CVSS score of 7.8 out of 10.\n\n# Affected Products\n\nBased on the research [1], the following Ubuntu releases and versions are impacted:\n\n- Ubuntu 23.04 (Lunar Lobster) Version 6.2.0\n- Ubuntu 22.10 (Kinetic Kudu) Version 5.19.0\n- Ubuntu 22.04 LTS (Jammy Jellyfish) Versions 5.19.0 and 6.2.0\n- Ubuntu 20.04 LTS (Focal Fossa) Version 5.4.0 (Only affected by CVE-2023-32629)\n- Ubuntu 18.04 LTS (Bionic Beaver) Version 5.4.0 (Only affected by CVE-2023-32629)\n\nThis information is still being updated as more data becomes available from the official security bulletins for both CVEs [2][3].\n\n# Recommendations\n\nCERT-EU recommends reviewing Ubuntu's security bulletins [2][3] and applying the necessary updates.\n\n# References\n\n[1] <https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability>\n\n[2] <https://ubuntu.com/security/CVE-2023-32629>\n\n[3] <https://ubuntu.com/security/CVE-2023-2640>",
    "content_html": "<p><em>History:</em></p><ul><li><em>31/07/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 24th of July, 2023, Ubuntu issued a fix for two local privilege escalation vulnerabilities, <strong>CVE-2023-2640</strong> and <strong>CVE-2023-32629</strong>, that were discovered in the OverlayFS module of its Linux kernel [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>The two vulnerabilities are exclusive to Ubuntu because of the changes Ubuntu introduced in the OverlayFS module in 2018. These modifications did not pose any risks initially. However, after a security vulnerability in the Linux kernel was discovered and fixed in 2020, they left an unpatched vulnerable flow in Ubuntu [1].</p><p><strong>CVE-2023-2640</strong> is caused by an improper permission check and has a CVSS score of 7.8 out of 10.</p><p><strong>CVE-2023-32629</strong> is caused by an improper permission check and has a CVSS score of 7.8 out of 10.</p><h2 id=\"affected-products\">Affected Products</h2><p>Based on the research [1], the following Ubuntu releases and versions are impacted:</p><ul><li>Ubuntu 23.04 (Lunar Lobster) Version 6.2.0</li><li>Ubuntu 22.10 (Kinetic Kudu) Version 5.19.0</li><li>Ubuntu 22.04 LTS (Jammy Jellyfish) Versions 5.19.0 and 6.2.0</li><li>Ubuntu 20.04 LTS (Focal Fossa) Version 5.4.0 (Only affected by CVE-2023-32629)</li><li>Ubuntu 18.04 LTS (Bionic Beaver) Version 5.4.0 (Only affected by CVE-2023-32629)</li></ul><p>This information is still being updated as more data becomes available from the official security bulletins for both CVEs [2][3].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends reviewing Ubuntu's security bulletins [2][3] and applying the necessary updates.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability\">https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://ubuntu.com/security/CVE-2023-32629\">https://ubuntu.com/security/CVE-2023-32629</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://ubuntu.com/security/CVE-2023-2640\">https://ubuntu.com/security/CVE-2023-2640</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}