
Ubuntu namespace vulnerability needs to be addressed shortly: Expert

Thus, “there may be little impact of not ‘patching’ the vulnerability,” he said. “Organizations using centralized configuration tools like Ansible might deploy these changes with regularly scheduled maintenance or reboot windows.”

Features intended to improve security

Ironically, last October Ubuntu introduced AppArmor-based features to improve security by reducing the attack surface from unprivileged user namespaces in the Linux kernel. It didn’t quite do that.

“This is an unintended consequence where a security control was put in place but it isn’t fully utilized,” said Beggs, “so it permits anybody to push and escalate their privileges.”

Three bypasses

Unprivileged user namespaces are a feature in the Linux kernel intended to provide additional sandboxing functionality for programs such as container runtimes, says Ubuntu. The feature enables unprivileged users to gain administrator (root) permissions within a confined environment, without giving them elevated permissions on the host system.

However, unprivileged user namespaces have been repeatedly used to exploit kernel vulnerabilities, so the AppArmor restriction added to Ubuntu 23.10 and 24.04 LTS was supposed to act as a security hardening measure.
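For administrators who want to know which state a host is in, the following shell function classifies its user-namespace hardening. It is an added example, not code from the article, Ubuntu or Qualys. The sysctl names are the kernel/Ubuntu knobs as known outside this page, and the function name, the status labels and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Classify the unprivileged user-namespace hardening state of a host.
# The optional argument is a sysctl tree root (default /proc/sys); pointing it
# at a directory of constructed files lets the check run offline.

read_knob() {   # read_knob <root> <relative path>: prints the value or "absent"
    if [ -r "$1/$2" ]; then
        tr -d ' \n' < "$1/$2"
    else
        printf 'absent'
    fi
}

userns_audit() {
    root="${1:-/proc/sys}"
    clone=$(read_knob "$root" kernel/unprivileged_userns_clone)
    max=$(read_knob "$root" user/max_user_namespaces)
    restrict=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns)
    unconfined=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_unconfined)

    # Unprivileged user namespaces are switched off entirely.
    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo "DISABLED"
        return 0
    fi
    # The AppArmor restriction is missing (older release) or turned off.
    if [ "$restrict" != "1" ]; then
        echo "UNRESTRICTED"
        return 0
    fi
    # Restriction is on, but the companion knob that limits unconfined
    # processes changing AppArmor profile is missing or off.
    if [ "$unconfined" != "1" ]; then
        echo "RESTRICTED_PARTIAL"
        return 0
    fi
    echo "RESTRICTED_HARDENED"
}

# Usage: userns_audit            (live host)
#        userns_audit /tmp/tree  (constructed sysctl tree)
```

The single-word status makes the result easy to collect across a fleet from a configuration-management run and to alert on hosts that report `UNRESTRICTED` or `RESTRICTED_PARTIAL`.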


However, Qualys discovered three different bypasses, each of which allows a local attacker to create user namespaces with full administrator capabilities, and therefore to still exploit vulnerabilities in kernel components that require capabilities such as CAP_SYS_ADMIN or CAP_NET_ADMIN:
