
Irish Information Security Forum

VULNERABILITY SPOTLIGHT: Dirty Pipe

Ref Source: Recorded Future

 

CVE-2022-0847 (Dirty Pipe) is a Linux kernel vulnerability that was disclosed in early March 2022.

 

The vulnerability was introduced in Linux kernel version 5.8 and allows for local privilege escalation via arbitrary file overwrites. An example proof-of-concept (POC) exploit was released with the disclosure, and since then several other POCs have been published on GitHub. The public exploits are reliable and only require a small number of prerequisites to work, such as having read permissions to a targeted file. Given the nature of this vulnerability, there are many different files that can be targeted for privilege escalation; therefore, this report highlights the techniques used by existing POC exploits.

 

CVE-2022-0847 was patched in Linux kernel versions 5.16.11, 5.15.25, and 5.10.102, and all major Linux-based distributions have incorporated patches into their package repositories. Organizations should apply the recommended patches as soon as possible.
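The version boundaries above can be turned into a first-pass triage of `uname -r` strings collected from a fleet. This is an added example, not code from the Recorded Future report; the function names and the sample inventory are constructed, and it assumes upstream series newer than 5.16 already carry the fix.

```python
import re

# Version facts taken from the text above.
INTRODUCED = (5, 8, 0)
FIXED_BY_BRANCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
# Assumption (not stated on the page): upstream series after 5.16 include the fix.
LAST_LISTED_BRANCH = (5, 16)


def parse_release(release):
    """Parse a `uname -r` style string, e.g. '5.15.0-91-generic' -> (5, 15, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return 'not-affected', 'patched-upstream' or 'vulnerable-upstream'."""
    major, minor, patch = parse_release(release)
    if (major, minor, patch) < INTRODUCED:
        return "not-affected"          # predates the 5.8 regression
    branch = (major, minor)
    if branch > LAST_LISTED_BRANCH:
        return "patched-upstream"      # see assumption above
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is not None and patch >= fixed:
        return "patched-upstream"
    # Either below the fixed point release, or a series (such as 5.9 or
    # 5.11-5.14) for which the page lists no fixed release.
    return "vulnerable-upstream"


def triage(inventory):
    """Map each host to its classification; unparsable strings are flagged."""
    result = {}
    for host, release in inventory.items():
        try:
            result[host] = classify(release)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> `uname -r`), not real data.
    sample = {"web01": "5.10.101", "db01": "5.15.25", "ci01": "5.13.4-custom",
              "old01": "4.19.0-18-amd64", "lab01": "not-a-version"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

The result reflects upstream version numbering only: distributions backport both features and fixes without changing the upstream version, so any host on a distribution kernel should be confirmed against the vendor's advisory for CVE-2022-0847.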


Key Observations

  • CVE-2022-0847 existed in the wild for roughly 2 years, although there is no evidence that it was exploited prior to its public disclosure.
  • Multiple POC exploits are publicly available, making this vulnerability easy to exploit and accessible to unsophisticated attackers.
  • Exploits for CVE-2022-0847 are reliable and allow an attacker to gain root access when run on a vulnerable system. The root access enables the threat actor to perform administrative tasks such as reading sensitive files, installing malicious software, impersonating users, and potentially moving laterally throughout the network.
  • The only mitigation for CVE-2022-0847 is to apply security patches, which are available for all major Linux distributions.
  • Recorded Future has observed over 90 underground forum references to CVE-2022-0847 since it was disclosed, illustrating a general interest and potential intent to exploit the vulnerability in future campaigns.

 

This report provides an overview, technical analysis, and mitigations for CVE-2022-0847. Sources include the Recorded Future® Platform, GitHub, and open-source reporting. The intended audience for this report is defenders and analysts who are interested in how CVE-2022-0847 exploits work, as well as current mitigations that can be employed.

 


 
