MJCM Posted March 9, 2022 Share Posted March 9, 2022 (edited) https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/ Quote A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits. The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root. Kellerman states that the vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016. The vulnerability was responsibly disclosed to various Linux maintainers starting on February 20th, 2022, including the Linux kernel security team and the Android Security Team. While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to run outdated kernels making the release of this exploit a significant issue to server administrators. Edited March 9, 2022 by MJCM Link to comment Share on other sites More sharing options...
MJCM Posted March 9, 2022 Author Share Posted March 9, 2022 More info: https://dirtypipe.cm4all.com/ Link to comment Share on other sites More sharing options...
MJCM Posted March 10, 2022 Author Share Posted March 10, 2022 (edited) I received the update this morning on my Raspberry PI 4 Previous Kernel root@raspberrypi:/home/pi# uname -a Linux raspberrypi 5.10.92-v7l+ #1514 SMP Mon Jan 17 17:38:03 GMT 2022 armv7l GNU/Linux New one root@raspberrypi:/home/pi# uname -a Linux raspberrypi 5.10.103-v7l+ #1530 SMP Tue Mar 8 13:05:01 GMT 2022 armv7l GNU/Linux Edited March 10, 2022 by MJCM Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now