Wiz, a cloud security provider, has discovered two vulnerabilities that allow privilege escalation on Ubuntu, a Linux distribution variant.
These vulnerabilities can impact users from Ubuntu versions 18.04 LTS (Bionic Beaver) to the most recent versions. This includes 22.10 (Kinetic Kudu) and 23.04 (Lunar Lobster).
The vulnerabilities were found in OverlayFS, a modern file system used in various Linux distributions, including Ubuntu.
Typically, only the admin root user has permission to run executables with elevated privileges. However, these vulnerabilities could potentially allow anyone to run executables with administrator privileges.
For more in-depth information about these vulnerabilities, its impact on affected versions, and how it can be exploited, see Wiz’s report here.