The Qualys Threat Research Unit (TRU) has disclosed three workaround techniques in Ubuntu related to unprivileged user namespace restrictions. In January 2025, Qualys responsibly informed the Ubuntu Security Team about these vulnerabilities.
Qualys TRU discovered three separate workarounds for bypassing these namespace restrictions. Each workaround allows local attackers to establish user namespaces with complete administrative privileges. These workarounds aid in exploiting vulnerabilities in kernel components that demand significant administrative rights within a confined setting. The constraints on unprivileged user namespaces were initially added in Ubuntu 23.10 and activated by default in Ubuntu 24.04. It is crucial to emphasize that these workarounds, by themselves, do not grant full control of the system; however, they pose a threat when leveraged in conjunction with other vulnerabilities, particularly those associated with the kernel.
The workaround techniques impact Ubuntu version 24.04 and onwards. Ubuntu 23.10 introduces pre-installed unprivileged user namespace restrictions, although they are not activated by default. These safeguards were integrated in this version, and users who may have previously turned them on and depended on them are impacted.
About Author
