Multiple Workarounds in Ubuntu detected

AndyC 1 April 2025

The Research Unit of Qualys Threat (TRU) has revealed three workarounds in Ubuntu’s limitations for unprivileged users. Qualys verified that they reported these vulnerabilities responsibly to the Ubuntu Security Team in January 2025.

Multiple Bypasses in Ubuntu discovered



The Research Unit of Qualys Threat (TRU) has revealed three workarounds in Ubuntu’s limitations for unprivileged users. Qualys verified that they reported these vulnerabilities responsibly to the Ubuntu Security Team in January 2025.

Qualys TRU found three different alternatives for these limitations, where each one allows local attackers to establish user spaces with complete administrative capabilities. These workarounds make it easier to exploit weaknesses in kernel elements that require significant administrative rights within a restricted setting. The constraints on unprivileged user namespaces were initially added in Ubuntu 23.10 and were activated by default in Ubuntu 24.04. It is crucial to mention that these alternatives alone do not lead to total system control; however, they pose a threat when paired with other vulnerabilities, particularly those related to the kernel.

The workarounds for security impact Ubuntu version 24.04 and later. Ubuntu 23.10 introduces inherent limitations for unprivileged user namespaces; nevertheless, they are not activated by default. These defenses were rolled out in this version, and users who previously activated and depended on them are impacted.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , ,

More Stories

Australian Red Cross CIO departs

Chief Information Officer Resigns from Australian Red Cross

AndyC 7 April 2025
Australian Red Cross CIO departs

Chief Information Officer steps down from Australian Red Cross

AndyC 7 April 2025
Meta releases new AI model Llama 4

Meta reveals cutting-edge AI model Llama 4

AndyC 7 April 2025
Meta releases new AI model Llama 4

Meta unveils cutting-edge AI model Llama 4

AndyC 7 April 2025
Microsoft, turning 50, dials up Copilot actions to stay in AI game

Microsoft, celebrating half a century, boosts Copilot maneuvers to remain competitive in the AI sector

AndyC 7 April 2025
Microsoft, turning 50, dials up Copilot actions to stay in AI game

Microsoft, reaching half a century, ramps up Copilot maneuvers to remain competitive in AI arena

AndyC 7 April 2025

You may have missed

Hospital Ransomware Really is The Pitt

How CISOs Can Beat the Ransomware Blame Game 

AndyC 18 December 2025
Using AI to automatically cancel customers? Not a smart move

2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization 

AndyC 18 December 2025
Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Private Certificate Authority 101: From Setup to Management

AndyC 18 December 2025
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.