The Qualys Threat Research Unit (TRU) has uncovered three security bypasses in Ubuntu’s unprivileged user namespace restrictions.
Researchers disclosed these vulnerabilities to the Ubuntu Security Team on 15 January this year and have been working with them ever since.
Researchers found three distinct bypasses of these namespace restrictions, each of which would allow bad actors to create user namespaces with full administrative capabilities.
“These bypasses facilitate exploiting vulnerabilities in kernel components requiring powerful administrative privileges within a confined environment. The restrictions on unprivileged user namespaces were initially introduced in Ubuntu 23.10 and enabled by default in Ubuntu 24.04,” Qualys explained.
The security giant also noted that while these bypasses do not enable complete system takeover on their own, they become dangerous when combined with other vulnerabilities, usually kernel-related ones.
Looking at the Namespaces
Most major Linux distributions allow unprivileged users to create namespaces in which they effectively gain full administrative rights.
Although this benefits them when it comes to creating containers and sandboxes, it also dramatically expands the kernel’s attack surface.
“When new kernel vulnerabilities emerge, namespaces often make these exploitable by unprivileged users. Ubuntu is notably proactive in mitigating such risks by preventing unprivileged users from acquiring capabilities within namespaces,” the researchers said.
Affected Ubuntu versions
The security bypasses affect Ubuntu version 24.04 and later. Ubuntu 23.10 introduces built-in unprivileged user namespace restrictions, though they are not enabled by default. These protections were introduced in this release, and users who have previously enabled and relied on them are affected.
Prioritize Suggested Mitigations
Saeed Abbasi, Manager, Vulnerability Research, Qualys Threat Research Unit (TRU), says from an enterprise perspective—particularly for organizations that depend on Ubuntu-based servers in their cloud, data center, or other critical infrastructures—this highlights the risk of losing security protections when your defense-in-depth strategy relies on them.
“Addressing these bypasses through recommended mitigations is crucial to maintaining a robust security posture. Enterprises should prioritize suggested mitigations for affected Ubuntu systems and stay informed about kernel vulnerabilities that could be exploited by leveraging namespaces or related techniques,” he adds.
Full technical details of these security bypasses can be found here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.