New Ubuntu Kernel Updates Patch Two Local Privilege Escalation Flaws
Canonical released new Ubuntu kernel updates to patch two security vulnerabilities that allow an attacker to escalate their privileges on the system. The security updates are available for Ubuntu 22.10 and Ubuntu 22.04 LTS using Linux kernel 5.19 as well as Ubuntu 22.04 LTS and Ubuntu 20.04 LTS using Linux kernel 5.15 LTS.
Local Privilege Escalation Vulnerabilities
One vulnerability addressed in this update is CVE-2023-1829, which was found in the tcindex filter of the Linux kernel. The tcindex_delete function, responsible for deleting the underlying structure, does not properly deactivate filters in the case of perfect hashes.
As a result, the structure can be double-freed, potentially leading to a privilege escalation attack. A local attacker can use this vulnerability to elevate their privileges to root. Canonical points out that in order to fix this problem, it was necessary to disable kernel support for the TCINDEX classifier.
Another vulnerability patched in this update is CVE-2023-0386, which was found in the OverlayFS subsystem of the Linux kernel and allows unauthorized access to the execution of a setuid file with capabilities. Specifically, the bug occurs when a user copies a capable file from a nosuid mount into another mount, leading to an issue with uid mapping. This vulnerability can be exploited by a local user to escalate their privileges on the system.
Thus, it is recommended that all affected users apply the kernel security updates immediately.
The new kernel versions are as follows:
- linux-image 5.19.0-41.42 for Ubuntu 22.10
- linux-image 5.19.0-41.42~22.04.1 for Ubuntu 22.04 LTS using Linux 5.19 HWE
- linux-image 5.15.0.71.69 for Ubuntu 22.04 LTS
- linux-image 5.15.0-71.78~20.04.1 for Ubuntu 20.04 LTS using Linux 5.15 HWE
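To confirm a host is actually running one of the fixed kernels after updating and rebooting, the following added example (not from Canonical or the original article) compares the running kernel's ABI number with the versions listed above. It assumes the -generic flavour, where `uname -r` looks like `5.15.0-71-generic`, and that the TCINDEX classifier is built as the `cls_tcindex` module; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the running kernel against the fixed versions listed above.
# Assumption: the ABI number in `uname -r` (the 71 in 5.15.0-71-generic) is
# enough to tell fixed from unfixed builds of the -generic flavour.

# Prints patched | outdated | unknown | not-covered for a kernel release string.
kernel_status() {
    rel=$1
    base=${rel%%-*}        # 5.15.0
    rest=${rel#*-}         # 71-generic
    abi=${rest%%-*}        # 71
    flavour=${rest#*-}     # generic
    case $base in
        5.19.0) fixed=41 ;;   # 5.19.0-41.42 (22.10, 22.04 HWE)
        5.15.0) fixed=71 ;;   # 5.15.0-71 (22.04, 20.04 HWE)
        *) echo "not-covered"; return 0 ;;   # series not listed in this update
    esac
    case $abi in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    # Cloud and OEM flavours use their own ABI numbering: do not guess.
    [ "$flavour" = "generic" ] || { echo "unknown"; return 0; }
    if [ "$abi" -ge "$fixed" ]; then
        echo "patched"
    else
        echo "outdated"
    fi
}

# Returns 0 if the tcindex classifier module is currently loaded.
# The fixed kernels ship without TCINDEX, so a hit means an older kernel
# is still running (for example, updated but not rebooted).
tcindex_loaded() {
    modules_file=${1:-/proc/modules}
    grep -q '^cls_tcindex ' "$modules_file" 2>/dev/null
}

running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"
if tcindex_loaded; then
    echo "cls_tcindex is loaded: kernel predates the CVE-2023-1829 fix"
fi
```

A result of "outdated" right after installing the update usually means the host has not been rebooted into the new kernel yet.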
Maintaining kernel security is critical for ensuring system security and uptime. KernelCare Enterprise provides security for Linux kernels, allowing you to live patch all popular distributions without system restart or downtimes. To learn how KernelCare’s live patching works, read the process here.
The sources for this article include a story from 9to5Linux.