Critical Linux Kernel Vulnerabilities Affect GCP Instances; OverlayFS Privilege Escalation Patched
Ubuntu has released security updates addressing multiple Linux kernel vulnerabilities, including two critical OverlayFS permission-check flaws that allow local privilege escalation. The patch covers dozens of subsystems across ARM64, networking, GPU, and storage drivers.
TL;DR
- CVE-2023-2640 and CVE-2023-32629 are OverlayFS permission-check flaws that enable local privilege escalation
- Patch addresses 30+ kernel subsystems including block layer, GPU drivers, Bluetooth, and NVME
- GCP Linux instances running affected kernel versions require immediate updates
- Local attacker access required; no remote exploitation vector identified in this advisory
Canonical has released USN-8297-1, addressing multiple security vulnerabilities in the Linux kernel used by Google Cloud Platform instances. The advisory highlights two particularly severe flaws in the OverlayFS filesystem implementation that permit local attackers to escalate privileges without additional exploitation techniques.
Beyond the OverlayFS issues, the update resolves security defects spanning a broad range of kernel subsystems. Affected components include ARM64 architecture support, block layer drivers, GPU acceleration, Bluetooth connectivity, DMA engines, and network drivers. Organizations running Ubuntu on GCP should prioritize applying this patch to prevent potential compromise.
The vulnerability chain demonstrates how permission-validation gaps in filesystem abstractions can undermine kernel security boundaries. OverlayFS, commonly used in containerized and cloud environments, requires strict enforcement of access controls to prevent privilege boundary violations.
OverlayFS Permission-Check Vulnerabilities
- CVE-2023-2640 and CVE-2023-32629 stem from improper permission validation in OverlayFS implementation
- Local attackers can exploit the flaw to gain elevated privileges on affected systems
- OverlayFS is widely deployed in container runtimes and cloud storage abstractions
- No authentication or network access required; local shell access is the attack prerequisite
Broad Kernel Subsystem Coverage
- ARM64 architecture fixes improve security for Graviton and other ARM-based cloud instances
- Block layer and NVME driver patches address storage-stack vulnerabilities
- GPU driver updates secure graphics acceleration used in ML and rendering workloads
- Network driver corrections span Ethernet bonding, team drivers, and STMicroelectronics PHY controllers
- Bluetooth, DMA, HID, and LED subsystem fixes close additional attack surfaces
Deployment Recommendations
- Apply USN-8297-1 to all Ubuntu instances on GCP running affected kernel versions
- Prioritize systems with multi-tenant or untrusted-user access models
- Verify kernel version post-patch to confirm successful remediation
- Monitor system logs for exploitation attempts targeting OverlayFS permission boundaries
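The post-patch verification step above is easy to get wrong on cloud instances: the package may be updated while the old kernel is still running until the next reboot. The following script is an added example, not part of the advisory or Canonical's tooling. It compares the running kernel version against a fixed version, which is a placeholder here (FIXED_KERNEL); take the real value for your kernel flavour from USN-8297-1, since this page does not list it. The reboot-pending check uses the /var/run/reboot-required flag that Ubuntu's update tooling writes.

```shell
#!/bin/sh
# Added example: verify that an Ubuntu GCP instance actually runs a patched kernel.
# Not from the advisory; FIXED_KERNEL is a placeholder to be replaced with the
# version named in USN-8297-1 for the instance's kernel flavour.

FIXED_KERNEL="${FIXED_KERNEL:-5.15.0-1000-gcp}"   # PLACEHOLDER, not a real fixed version

# Compare two kernel version strings field by field on their numeric parts.
# "." and "-" both separate fields; non-numeric suffixes such as "-gcp" are ignored.
# Returns 0 when $1 >= $2, 1 otherwise.
version_ge() {
    vg_i=1
    while :; do
        vg_x=$(printf '%s\n' "$1" | tr -cs '0-9\n' '.' | cut -d. -f"$vg_i")
        vg_y=$(printf '%s\n' "$2" | tr -cs '0-9\n' '.' | cut -d. -f"$vg_i")
        # both strings exhausted with no difference found: equal
        if [ -z "$vg_x" ] && [ -z "$vg_y" ]; then return 0; fi
        vg_x=${vg_x:-0}
        vg_y=${vg_y:-0}
        [ "$vg_x" -gt "$vg_y" ] && return 0
        [ "$vg_x" -lt "$vg_y" ] && return 1
        vg_i=$((vg_i + 1))
    done
}

running_kernel() { uname -r; }

# Classify the remediation state of the instance.
#   $1 running kernel version, $2 fixed kernel version,
#   $3 reboot-pending flag file (default: Ubuntu's /var/run/reboot-required)
# Exit status: 0 patched, 1 still vulnerable, 2 package updated but reboot pending.
check_remediation() {
    cr_running=$1
    cr_fixed=$2
    cr_flag=${3:-/var/run/reboot-required}
    if version_ge "$cr_running" "$cr_fixed"; then
        echo "OK: running kernel $cr_running is at or above fixed version $cr_fixed"
        return 0
    fi
    if [ -f "$cr_flag" ]; then
        echo "PENDING: updated kernel installed but $cr_running is still running; reboot required"
        return 2
    fi
    echo "VULNERABLE: running $cr_running, fixed version is $cr_fixed"
    return 1
}

# Run against the live system; the "|| :" keeps a failing result from aborting
# a caller that has set -e and sources this file as a library.
check_remediation "$(running_kernel)" "$FIXED_KERNEL" || :
```

Run it with FIXED_KERNEL set to the advisory's version for the instance's flavour (for example the linux-gcp package version) and treat any exit status other than 0 as "not remediated"; a PENDING result means the package update landed but the vulnerable kernel is still the one serving requests until the instance is rebooted.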