8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe

guest · Aug 22, 2022

Researchers shared details of an eight-year-old flaw dubbed DirtyCred
August 22, 2022

Researchers from Northwestern University (Zhenpeng Lin | PhD Student,
Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.”

The Dirty Pipe flaw, tracked as CVE-2022-0847, was discovered by the security expert Max Kellermann that explained that it can allow local users to gain root privileges on all major distros.
Click to expand...

DirtyCred abuses the heap memory reuse mechanism to escalate privileged.

“DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege. Instead of overwriting any critical data fields on kernel heap, DirtyCred abuses the heap memory reuse mechanism to get privileged. Although the concept is simple, it is effective.” reads the advisory published by the experts.
Click to expand...

The DirtyCred issue exploits an unknown vulnerability, tracked as CVE-2022-2588, to escalate privileges. The CVE-2022-2588 flaw is use-after-free issue that resides in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. The vulnerability allows a local, privileged attacker to crash the system, potentially leading to a local privilege escalation.

The experts explained that the exploits written with DirtyCred would work with different kernels and architectures.
Click to expand...

In this talk, we present a novel exploitation method pushing the dirty pipe to the next level. To be specific, given a vulnerability with a double-free ability, we will demonstrate that our exploitation method could obtain the dirty-pipe-like ability to overwrite an arbitrary file to escalate privilege. Exploits utilizing our method inherit the advantage of the dirty pipe that the code would work on any version of the kernel affected without modification.” reads the description of the talk that the researchers presented at the recent BlackHat 2022 hacking conference.
Click to expand...

Log in or Sign up

8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe

guest Guest

Log in or Sign up

8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe

guest Guest

Useful Searches