Thus, “there’s little affect of not ‘patching’ the vulnerability,” he mentioned. “Organizations utilizing centralized configuration instruments like Ansible could deploy these modifications with often scheduled upkeep or reboot home windows.”
Options supposed to enhance safety
Mockingly, final October Ubuntu launched AppArmor-based options to enhance safety by decreasing the assault floor from unprivileged person namespaces within the Linux kernel. It didn’t fairly try this.
“That is an unintended consequence the place a safety management was put in place nevertheless it isn’t absolutely utilized,” mentioned Beggs, “so it permits anybody to push and escalate their privileges.”
Three bypasses
Unprivileged person namespaces are a characteristic within the Linux kernel which can be supposed to offer further sandboxing performance for packages similar to container runtimes, says Ubuntu. It allows unprivileged customers to realize administrator (root) permissions inside a confined setting, with out giving them elevated permissions on the host system.
Nonetheless, unprivileged person namespaces have been repeatedly used to use kernel vulnerabilities, so the AppArmor restriction added to Ubuntu 23.10 and 24.04 LTS was speculated to act as a safety hardening measure.
However Qualys found three completely different bypasses, every of which permits a neighborhood attacker to create person namespaces with full administrator capabilities, and subsequently to nonetheless exploit vulnerabilities in kernel parts that require capabilities similar to CAP_SYS_ADMIN or CAP_NET_ADMIN:
Arabic
Chinese (Simplified)
Dutch
English
French
German
Italian
Japanese
Korean
Latin
Portuguese
Russian
Spanish