Skip to content
Technology

Discovered Various Evasion Techniques in Ubuntu Infrastructure

Unprivileged user namespace restrictions bypasses discovered in Ubuntu by Qualys Threat Research Unit; three separate vulnerabilities identified, each enabling local attackers to gain full administrative powers through the creation of user namespaces. Qualys has privately reported these...

 and  Administrator
1 min read
Unveiled: Multiple Vulnerabilities Found in Ubuntu System
Unveiled: Multiple Vulnerabilities Found in Ubuntu System

Discovered Various Evasion Techniques in Ubuntu Infrastructure

In a recent disclosure by Qualys Threat Research Unit (TRU), three security bypasses have been identified in Ubuntu's unprivileged user namespace restrictions. These bypasses, if exploited, could potentially allow local adversaries to gain root access or execute arbitrary code on a system.

The affected versions include Ubuntu 24.04 and later, with Ubuntu 23.10 being the earliest version where these bypasses were discovered. It is important to note that these bypasses do not affect Ubuntu versions below 23.10.

In Ubuntu 23.10, unprivileged user namespace restrictions were introduced but not enabled by default. However, users who manually enabled these restrictions were potentially affected, and those who upgraded to later versions from 23.10 are also at risk. The same applies to Ubuntu 24.04, where unprivileged user namespace restrictions were not enabled by default.

Each bypass enables the exploitation of vulnerabilities in kernel components that require high administrative privileges within a confined environment. By circumventing the unprivileged user namespace restrictions, local attackers can create user namespaces with full administrative capabilities.

The unprivileged user namespace restrictions were initially introduced in Ubuntu 23.10 and were enabled by default in Ubuntu 24.04. However, in Ubuntu 23.10, they were not enabled by default, but could be manually enabled.

Qualys responsibly disclosed these vulnerabilities to the Ubuntu Security Team in January, 2025. Users who have previously enabled and relied on unprivileged user namespace restrictions in Ubuntu 23.10 are advised to upgrade to the latest version or disable these restrictions as a precautionary measure.

It is crucial to remember that these bypasses do not enable complete system takeover individually. However, they can be dangerous when combined with other vulnerabilities, typically kernel-related. As always, maintaining a secure and up-to-date system is the best defence against such threats.

Read also:

Related

Latest