Monday, May 5, 2025

New Ubuntu Linux Vulnerabilities Let Attackers Exploit Kernel Components


A new set of security vulnerabilities discovered in Ubuntu Linux has raised concerns about kernel exploitation risks.

Researchers at the Qualys Threat Research Unit (TRU) have uncovered three critical bypasses affecting Ubuntu’s unprivileged user namespace restrictions, potentially allowing attackers to exploit kernel components under certain conditions.

A Critical Discovery

The Qualys TRU team disclosed these vulnerabilities to the Ubuntu Security Team on January 15, 2025, and has been collaborating with them to address the issue.


The vulnerabilities specifically target Ubuntu’s restrictions on unprivileged user namespaces, introduced in Ubuntu 23.10 and enabled by default in Ubuntu 24.04.

These security measures were designed to mitigate risks associated with unprivileged users creating namespaces, often considered an attack surface for kernel vulnerabilities.

The bypasses are unique and powerful, enabling local attackers to create user namespaces with unrestricted administrative capabilities.

While these vulnerabilities on their own cannot result in a full system compromise, they pose significant risks when chained with other kernel vulnerabilities. This highlights the importance of layered cybersecurity defenses.

Qualys Research Dashboard

Linux namespaces allow processes to operate within isolated environments, and inside a user namespace an otherwise unprivileged process can hold administrative privileges. This functionality is essential for containerization and sandboxing but also expands the kernel’s attack surface.

When new kernel vulnerabilities emerge, namespaces can enable their exploitation by unprivileged users. Ubuntu has been proactive in managing these risks, introducing restrictions that prevent unprivileged users from gaining capabilities within namespaces.

Elimination Details

However, the discovered bypasses have compromised this safety mechanism in affected versions.

Affected Versions and Exposure

These bypasses affect Ubuntu 24.04 and later versions. Ubuntu 23.10 introduced the namespace restrictions, but they were not enabled by default in that release.

Users relying on these security features in these versions are particularly vulnerable.
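To see which of these cases a given host falls into, the following added example (not from Qualys or Ubuntu) reads the release and the relevant sysctls and reports the posture. The sysctl names `user.max_user_namespaces`, `kernel.unprivileged_userns_clone` and `kernel.apparmor_restrict_unprivileged_userns` do not appear in the article and are assumed to be present on the host; the state labels and the `make_tree` sample host are constructed for illustration.

```shell
#!/bin/sh
# Added example: report a host's unprivileged user-namespace posture.
# $1 is a root prefix so a constructed tree can be inspected; "" = live system.

read_sysctl() {            # $1 = root prefix, $2 = dotted sysctl name
    f="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else printf 'absent'; fi
}

release_class() {          # page: introduced in 23.10, default-on from 24.04
    rel=$( ID=; VERSION_ID=
           [ -r "$1/etc/os-release" ] && . "$1/etc/os-release"
           printf '%s:%s' "$ID" "$VERSION_ID" | tr -d . )
    case "$rel" in
        ubuntu:2310)   printf 'opt-in' ;;
        ubuntu:[0-9]*) if [ "${rel#ubuntu:}" -ge 2404 ] 2>/dev/null
                       then printf 'default-on'; else printf 'not-available'; fi ;;
        *)             printf 'not-ubuntu' ;;
    esac
}

userns_posture() {         # $1 = root prefix; prints "<release class> <state>"
    max=$(read_sysctl "$1" user.max_user_namespaces)
    clone=$(read_sysctl "$1" kernel.unprivileged_userns_clone)
    aa=$(read_sysctl "$1" kernel.apparmor_restrict_unprivileged_userns)
    if   [ "$max" = 0 ];   then state='userns-disabled'
    elif [ "$clone" = 0 ]; then state='unprivileged-userns-disabled'
    # The restriction the bypasses target: one layer, not a guarantee.
    elif [ "$aa" = 1 ];    then state='apparmor-restricted'
    else                        state='unrestricted'
    fi
    printf '%s %s' "$(release_class "$1")" "$state"
}

make_tree() {              # constructed sample host: $1=VERSION_ID, $2=AppArmor sysctl
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/proc/sys/kernel" "$d/proc/sys/user"
    printf 'ID=ubuntu\nVERSION_ID="%s"\n' "$1" > "$d/etc/os-release"
    printf '%s\n' "$2" > "$d/proc/sys/kernel/apparmor_restrict_unprivileged_userns"
    printf '1\n' > "$d/proc/sys/kernel/unprivileged_userns_clone"
    printf '31234\n' > "$d/proc/sys/user/max_user_namespaces"
    printf '%s' "$d"
}

userns_posture "$(make_tree 24.04 1)"; echo
```

Run `userns_posture ""` to inspect the live system. A host reporting `default-on apparmor-restricted` is the configuration that depends on the restriction the bypasses defeat.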

To help organizations combat this threat, Qualys offers its TruRisk Eliminate module, integrated with their Vulnerability Management (VM) solutions.

With this tool, organizations can efficiently assign, test, and deploy mitigations against these vulnerabilities directly from Qualys’ interface.

Qualys has developed and tested mitigation scripts that enable rapid deployment to neutralize the risks. Teams can use the “Mitigate Now” feature or create mitigation jobs for affected assets.

While this approach provides an agile solution, Qualys advises testing mitigations in controlled environments to ensure compatibility and stability.

The discovery of these bypasses underscores the importance of proactive cybersecurity strategies. Organizations must adopt real-time mitigation solutions and virtual patching to address vulnerabilities when traditional updates aren’t feasible.

With tools like Qualys TruRisk Eliminate, businesses can rapidly reduce risk exposure and bolster defenses against emerging threats.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
