Alarming Report: Nearly Half of Ubuntu Users Vulnerable to Security Flaws

Users of the Ubuntu 23.04 Lunar Lobster Linux distribution are being urged to update immediately due to two critical vulnerabilities affecting an estimated two in five Ubuntu users. The vulnerabilities, tracked as CVE-2023-32629 and CVE-2023-2640, were addressed in the latest patch for Ubuntu 23.04 Lunar Lobster.

The vulnerabilities stem from changes made to the OverlayFS module in the Linux kernel project in 2019 and 2022 that conflicted with modifications Ubuntu had made to the same module earlier. When Ubuntu adopted the new code, the vulnerabilities became apparent.

Both CVEs allow for local privilege escalation, making them attractive to attackers. The OverlayFS module is often accessible to unprivileged users, and it has a history of vulnerabilities that can be easily exploited.

Exploits for these vulnerabilities are already publicly available, making it crucial for users to apply the updates promptly. Linux has applied fixes for six other vulnerabilities as well.

Ubuntu advises users to perform a reboot after updating to ensure that the changes take effect. Given the severity and wide reach of these vulnerabilities, users should not delay applying the updates, even if they believe they have already updated recently.
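
One way to verify the reboot step, as an added example that is not from the article or from Ubuntu: the script reports a pending reboot when Ubuntu's /var/run/reboot-required flag file exists or when a kernel image under /boot is newer than the running kernel. The function names are this example's own, and it assumes GNU `sort -V` for version ordering.

```sh
#!/bin/sh
# Added example: detect a kernel update that is installed on disk but not
# yet running, i.e. the reboot the article calls for is still outstanding.

# newest_version V1 V2 ...: print the highest of the given version strings.
newest_version() {
    printf '%s\n' "$@" | sort -V | tail -n 1
}

# installed_kernels [BOOT_DIR]: list the versions of kernel images found in
# BOOT_DIR (default /boot), taken from the vmlinuz-<version> file names.
installed_kernels() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        if [ -e "$f" ]; then printf '%s\n' "${f##*/vmlinuz-}"; fi
    done
}

# reboot_pending RUNNING FLAG_FILE [INSTALLED ...]
# Exit 0 when FLAG_FILE exists or an installed kernel is newer than RUNNING;
# exit 1 when the running kernel is already the newest one installed.
reboot_pending() {
    running=$1; flag=$2; shift 2
    if [ -e "$flag" ]; then return 0; fi
    if [ "$#" -eq 0 ]; then return 1; fi
    # Include the running version so older leftover images never count.
    newest=$(newest_version "$running" "$@")
    [ "$newest" != "$running" ]
}

# Check this machine. Kernel version strings contain no whitespace, so the
# unquoted expansion of the installed list is safe to word-split.
if reboot_pending "$(uname -r)" /var/run/reboot-required $(installed_kernels); then
    echo "Reboot pending: kernel $(uname -r) is running, update not yet active"
else
    echo "Kernel $(uname -r) is the newest installed and no reboot flag is set"
fi
```

The check only shows that the newest installed kernel is the one running; it cannot tell whether that kernel contains the fixes, so install the updates first.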