[MART] - Daily Diary #465 - New Linux Vulnerability Allows Privilege Escalation

CTAS-MAT ctas-mat at appgate.com
Tue Mar 8 20:28:03 UTC 2022

I hope everyone is doing well!

Below is the entry for today.

03/08/2022 - Diary entry #465

At the beginning of this month, a new vulnerability in the Linux kernel was disclosed. Named "Dirty Pipe", the vulnerability is tracked as CVE-2022-0847 and has received a CVSS score of 7.8. When successfully exploited, CVE-2022-0847 allows arbitrary file overwrite, which can be used to escalate privileges on an infected machine.

CVE-2022-0847 is very similar to "Dirty Cow" (CVE-2016-5195), a vulnerability disclosed in 2016 that also allowed arbitrary file overwrite in a similar way. In the months that followed, CVE-2016-5195 was used by several threat actors, and even to exploit Android devices and gain root access.

This vulnerability affects all Linux kernel versions from 5.8, and was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. Google has already fixed it in the Android kernel, but it may take a while until vendors update their builds. As this vulnerability is not complex to exploit, we believe threat actors will soon add it to their toolkits, and even use it in mobile exploitation attacks. We highly recommend that anyone running Linux systems update their kernels and install updates from smartphone vendors as soon as they are available.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
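
The version ranges in the entry above, turned into a host check. This is an added example, not part of the original message; the function name `dirty_pipe_status` and its four status words are made up for illustration. It compares upstream version numbers only, so a "vulnerable" result on a distribution or Android kernel means the vendor advisory should be checked, since fixes are often backported without a version change.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies a kernel release
# string using only the upstream versions the entry names: affected from
# 5.8, fixed in 5.16.11, 5.15.25 and 5.10.102.
# Assumptions: series newer than 5.16 carry the fix; series in range with
# no fixed release named in the entry are reported as vulnerable.
# Vendor kernels may backport the fix without changing these numbers.

dirty_pipe_status() {
    # Keep the leading numeric part: "5.10.0-11-amd64" -> "5.10.0"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi

    old_ifs=$IFS; IFS=.
    set -- $ver          # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}

    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0      # older than 5.8
    fi
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo fixed; return 0             # newer than the 5.16 series
    fi

    case $minor in                       # first fixed patch level per series
        16) first_fixed=11 ;;
        15) first_fixed=25 ;;
        10) first_fixed=102 ;;
        *)  echo vulnerable; return 0 ;; # no fixed release named for series
    esac
    if [ "$patch" -ge "$first_fixed" ]; then echo fixed; else echo vulnerable; fi
    return 0
}

# Report on the running host.
release=$(uname -r)
printf '%s: %s\n' "$release" "$(dirty_pipe_status "$release")"
```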
