all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)

Add to bookmarks
c
Oct. 11, 2023, 10:30 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by CrowdStrike. Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kernel versions but also any containers running on those hosts.CrowdStrike has discovered that CVE-2023-2640 and CVE-2023-32629 can be used to root the non-root containers under certain circumstances using these vulnerabilities. Once “container root” is achieved, a...

container containers crowdstrike cve cves escalation exploit kernel non overlayfs privilege privilege escalation root running ubuntu vulnerable

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Risk and Impact of Unauthorized Access to Enterprise Environments 3 days, 7 hours ago | cloudsecurityalliance.org
access advanced api api security +28
Cl
Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between? 3 days, 7 hours ago | cloudsecurityalliance.org
amp automated automation cloud +15
Cl
Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars … 5 days, 14 hours ago | cloudsecurityalliance.org
alliance best practices certifications clear +19
Cl
Apple's New iMessage, Signal, and Post-Quantum Cryptography 5 days, 16 hours ago | cloudsecurityalliance.org
apple application attack computers +25
Cl
2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity … 5 days, 16 hours ago | cloudsecurityalliance.org
applications complexity data enterprise +18
Cl
Navigating Cloud Security Best Practices: A Strategic Guide 1 week, 3 days ago | cloudsecurityalliance.org
best practices blog cloud cloud computing +25
Cl
Building Trust Through Vendor Risk Management 1 week, 3 days ago | cloudsecurityalliance.org
advisory barr advisory building building trust +19
Cl
New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures 1 week, 4 days ago | cloudsecurityalliance.org
aim companies cybersecurity cybersecurity risks +22
Cl
A Risk-Based Approach to Vulnerability Management 1 week, 5 days ago | cloudsecurityalliance.org
armorcode attacks events impact +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Vice President - Content Developer

@ JPMorgan Chase & Co. | Jersey City, NJ, United States
View on infosec-jobs.com

Computer and Forensics Investigator

@ ManTech | 221BQ - Cstmr Site,Springfield,VA
View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States
View on infosec-jobs.com