8-Year-Old Linux Kernel Bug

Researchers have revealed details of a long-standing security vulnerability that has been present in the Linux kernel for over eight years. The Northwestern University researchers (Zhenpeng Lin, Yuhang Wu, and Xinyu Xing) described it as “as nasty as Dirty Pipe.”

For context, the Dirty Pipe flaw was discovered and reported by Max Kellermann as CVE-2022-0847, with a CVSS score of 7.8. The newly described Linux kernel vulnerability is dubbed “DirtyCred.”

DirtyCred escalates privileges by swapping privileged and unprivileged credentials in kernel memory. Rather than overwriting critical kernel data fields, it relies on heap memory reuse to gain privileges.

There is no doubt that this novel exploitation method pushes Dirty Pipe to a new and unprecedented level, increasing both its generality and its potency. Linux kernels from version 5.8 onward are affected by this vulnerability.

In short, it opens the door to privilege escalation for unprivileged processes.

Dirty Exploitation

A previously unknown vulnerability, tracked as CVE-2022-2588, was exploited by DirtyCred to escalate privileges. CVE-2022-2588 is a use-after-free issue.

Because of the vulnerability, an attacker with local access can crash the system and potentially escalate their privileges locally.

A comparison figure of DirtyPipe and DirtyCred is shown below:

With this exploitation method, any vulnerability that provides a double-free capability can be exploited. The researchers stated:

“Like the dirty pipe that could bypass all the kernel protections, our exploitation method could even demonstrate the ability to escape the container actively that dirty pipe is not capable of.”

Recommendation

To defend against DirtyCred, the researchers suggest the following measures:

  • Note that the kernel currently isolates objects based on their type, not their privileges.
  • Ensure that privileged credentials are kept separate from unprivileged credentials.
  • Using “vmalloc”, isolate the privileged objects in virtual memory.
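As an added illustration of the last two recommendations (this is example code, not the researchers' or the kernel's), here is a small user-space model of a cred slab cache: with type-based isolation a freed privileged credential slot is handed straight to the next unprivileged allocation, while a per-privilege pool, standing in for the proposed separate vmalloc region, never is. All names and the slab layout are invented for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Toy user-space model of a slab cache of cred objects (added example, not kernel code). */
#define SLOTS 8

struct cred_cache {
    bool in_use[SLOTS];
    bool privileged_pool[SLOTS];   /* which pool a slot belongs to under privilege isolation */
    bool isolate_by_privilege;     /* false: one cache per type; true: one pool per privilege level */
};

static void cache_init(struct cred_cache *c, bool isolate_by_privilege) {
    memset(c, 0, sizeof *c);
    c->isolate_by_privilege = isolate_by_privilege;
    /* With isolation on, reserve the low half of the slab for privileged creds (the kernel
     * proposal uses a separate vmalloc region; a second pool models the same separation). */
    for (int i = 0; i < SLOTS; i++)
        c->privileged_pool[i] = isolate_by_privilege && i < SLOTS / 2;
}

/* Hands out the lowest free slot, so a freed object is reused by the next allocation,
 * much as a real slab allocator would. Returns -1 when the matching pool is exhausted. */
static int cred_alloc(struct cred_cache *c, bool privileged) {
    for (int i = 0; i < SLOTS; i++) {
        if (c->in_use[i])
            continue;
        if (c->isolate_by_privilege && c->privileged_pool[i] != privileged)
            continue;
        c->in_use[i] = true;
        return i;
    }
    return -1;
}

static void cred_free(struct cred_cache *c, int idx) { c->in_use[idx] = false; }

/* The condition DirtyCred needs: a privileged cred object is freed and an unprivileged
 * allocation lands in the same slot. Returns true when that reuse happens. */
static bool privileged_slot_reused(bool isolate_by_privilege) {
    struct cred_cache c;
    cache_init(&c, isolate_by_privilege);
    int priv = cred_alloc(&c, true);
    cred_free(&c, priv);
    return cred_alloc(&c, false) == priv;
}
```

The type-based cache returns the privileged slot to the unprivileged request; the privilege-isolated cache cannot, which is the property the vmalloc separation is meant to guarantee.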


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.