Dirty Pipe: Linux Kernel Vulnerability Could Lead to Root Privileges – CVE-2022-0847

Share :

Background

In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening. The flaw has already been patched in the Linux kernel and the Android kernel. Affected Linux distributions are in the process of pushing out security updates with the patch.

Due to the similarities of the Dirty Cow flaw, CVE-2016-5195; has been named Dirty Pipe.

CVE ID

CVSS Score V3

CVSS Criticality

Type

Description

CVE-2022-0847

7.8

High

Local Privilege Escalation

Linux Kernel Vulnerability – Version 5.8 and later

Analysis

CVE-2022-0847

The Linux Kernel Security Team patched a local privilege escalation vulnerability in the Linux Kernel that could allow a threat actor with local access to an affected system to escalate user privileges to root.

The most likely attack scenario is from an internal threat where a malicious user could escalate from user to full root privileges. An external attack scenario would be from an attacker who already has local authenticated access to the vulnerable system either from another vulnerability or password spraying style attack. Once local authenticated access is achieved, the external attacker could then escalate to full root privileges leveraging this vulnerability.

Note: This is not a remotely exploitable vulnerability, a threat actor must have prior access to exploit the vulnerability.

Solutions and Recommendations

Due to the widespread nature of CVE-2022-0847, Arctic Wolf recommends patching systems in accordance with the Linux distribution vendor. Major Linux distributions have published security advisories detailing the impacted versions and remediation steps.

Prioritize patching systems that are external facing or are considered high value assets.

Linux Distribution

Vendor Advisory

Red Hat https://access.redhat.com/security/cve/CVE-2022-0847
Ubuntu https://ubuntu.com/security/CVE-2022-0847
Debian https://security-tracker.debian.org/tracker/CVE-2022-0847
SUSE https://www.suse.com/security/cve/CVE-2022-0847.html

References

Learn more about Arctic Wolf’s Managed Risk solution or request a demo today.

Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter