The Qualys Threat Research Unit (TRU) identified three vulnerabilities in Ubuntu's user namespace restrictions, potentially allowing unprivileged local users to escalate privileges and gain full administrative access. Although these flaws do not permit complete system takeovers alone, they increase risks when coupled with other kernel vulnerabilities. Attackers could exploit these flaws using default tools like aa-exec and busybox. Qualys disclosed these vulnerabilities to Ubuntu on January 15 and has been collaborating with the Ubuntu Security Team to address the issues.
Linux distributions generally allow unprivileged users to create namespaces that help in creating containers and additional sandboxing functionality for programs such as container runtimes, but that also creates a weak spot.
Most major Linux distributions permit unprivileged users to create namespaces... While beneficial for creating containers and sandboxes, this significantly expands the kernel's attack surface.
Each would allow a local attacker to create user namespaces with full administrative capabilities... allowing them to exploit vulnerabilities in kernel components.
An unprivileged local attacker... can simply use the aa-exec tool... to transition to one of the many pre-configured AppArmor profiles.
Collection
[
|
...
]