Two privilege escalation vulnerabilities, collectively called GameOver(lay), may affect 40% of cloud workloads running on Ubuntu. The GameOver(lay) vulnerabilities were discovered by security firm Wiz and jointly reported by The Hacker News.
The vulnerabilities were reported under CVE-2023-32629 and CVE-2023-2640 and only affect Ubuntu kernels.
In some situations, the vulnerabilities allow a local attacker to elevate privileges by taking advantage of inadequate permission checks. According to Wiz, the “flaws allow the creation of specialized executables, which, upon execution, grant the ability to escalate privileges to root on the affected machine.” This is accomplished through a Linux feature called file capabilities that temporarily grants elevated permissions to an executable while it is running.
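As an added defensive example (not code from Wiz, Ubuntu or the original article): the script below decodes the `security.capability` extended attribute in which Linux stores file capabilities, and walks a directory tree to inventory binaries whose permitted set is root-equivalent on the host, which is the kind of executable the text describes. The two sample xattrs are constructed, the names `CAP_NAMES`, `decode_file_caps` and `find_root_equivalent_caps` are assumptions of this example, and the scan itself needs Linux (`os.getxattr`).

```python
import os
import struct

# Capability bit numbers from linux/capability.h (subset)
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 6: "cap_setgid", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw",
             19: "cap_sys_ptrace", 21: "cap_sys_admin"}
# Capabilities that amount to root if present in a binary's permitted set
ROOT_EQUIVALENT = {"cap_dac_override", "cap_setgid", "cap_setuid", "cap_sys_ptrace", "cap_sys_admin"}
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_REVISION_3 = 0x03000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001

# Constructed sample (not from any real binary): v2, effective, permitted = cap_setgid|cap_setuid
SAMPLE_SETUID_XATTR = bytes.fromhex("01000002" "c0000000" "00000000" "00000000" "00000000")
# Constructed sample: v3, not effective, permitted = cap_net_bind_service, rootid = 1000
SAMPLE_NS_XATTR = bytes.fromhex("00000003" "00040000" "00000000" "00000000" "00000000" "e8030000")

def decode_file_caps(raw: bytes) -> dict:
    """Decode a security.capability xattr (struct vfs_cap_data, revision 2 or 3)."""
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = magic_etc & 0xFF000000
    if revision not in (VFS_CAP_REVISION_2, VFS_CAP_REVISION_3):
        raise ValueError(f"unsupported vfs_cap_data revision {revision:#x}")
    # data[0] holds caps 0-31, data[1] holds caps 32-63; each entry is (permitted, inheritable)
    p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<IIII", raw, 4)
    names = lambda bits: [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (bits >> b) & 1]
    permitted = names(p_lo | (p_hi << 32))
    return {
        "permitted": permitted,
        "inheritable": names(i_lo | (i_hi << 32)),
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        # v3 records the root uid of the user namespace the caps apply in (0 = host root)
        "rootid": struct.unpack_from("<I", raw, 20)[0] if revision == VFS_CAP_REVISION_3 else 0,
        "root_equivalent": bool(ROOT_EQUIVALENT & set(permitted)),
    }

def find_root_equivalent_caps(root: str) -> list:
    """Walk `root`; return (path, caps) for files whose permitted set is root-equivalent on the host."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
            except OSError:  # no capability xattr, or not readable
                continue
            caps = decode_file_caps(raw)
            if caps["root_equivalent"] and caps["rootid"] == 0:
                hits.append((path, caps))
    return hits
```

Run `find_root_equivalent_caps("/usr")` on a host to list the binaries a root-equivalent file capability would have been planted on; compare the result against a known-good baseline (for example the output of `getcap -r /usr` from a freshly patched image).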
GameOver(lay) stems from modifications made by Ubuntu to OverlayFS, a union file system that makes it possible to combine multiple file system mounts into a single directory structure containing content from all sources. Such technology is crucial in Docker environments for managing changes to container images without modifying the base images. (OverlayFS is the preferred storage driver for Docker.)
Ubuntu fixed both vulnerabilities as of July 24, 2023.