"Almost 40% Of Ubuntu Users Vulnerable to New Privilege Elevation Flaws"

Two recently introduced Linux vulnerabilities in the Ubuntu kernel make it possible for unprivileged local users to acquire elevated privileges on a large number of devices. Ubuntu is one of the most popular Linux distributions, particularly in the US, with an estimated 40 million users. Two vulnerabilities tracked as CVE-2023-32629 and CVE-2023-2640, discovered by Wiz researchers, were recently introduced into the operating system, affecting about 40 percent of Ubuntu's users. CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability in the Ubuntu Linux kernel that allows a local attacker to gain elevated privileges. CVE-2023-32629 is a medium-severity (CVSS v3 score: 5.4) vulnerability in the Linux kernel memory management subsystem, where a race condition when accessing VMAs may result in use-after-free, allowing arbitrary code execution by a local attacker. This article continues to discuss the discovery and impact of the Linux vulnerabilities.

Bleeping Computer reports "Almost 40% Of Ubuntu Users Vulnerable to New Privilege Elevation Flaws"