New security bypasses in Ubuntu's user namespace restrictions require manual mitigation

Cyber risk and security company Qualys has revealed three security bypasses affecting the unprivileged user namespace restrictions in Ubuntu. These bypasses, discovered by Qualys TRU, allow local attackers to create user namespaces with full administrative capabilities, enabling the exploitation of vulnerabilities in kernel components that require administrative privileges. The restrictions were first introduced in Ubuntu 23.10 and are enabled by default in Ubuntu 24.04, impacting versions 24.04 and later.

While these bypasses do not allow for a complete system takeover on their own, they pose a significant risk when combined with other vulnerabilities, particularly those related to the kernel. Qualys informed the Ubuntu Security Team about these vulnerabilities on January 15, 2025, and has since been collaborating with them. Canonical, the organization behind Ubuntu, has acknowledged the findings and is working on enhancing AppArmor protections. These improvements will be rolled out according to Ubuntu's standard release schedules, rather than as immediate security patches. Canonical has also written an article explaining how to mitigate and minimize the attack surface.