Researchers have disclosed DirtyCred, a Linux kernel exploitation technique, together with a kernel vulnerability that has existed for over eight years. The Northwestern University researchers behind it (Zhenpeng Lin, Yuhang Wu, and Xinyu Xing) described the technique as "As Nasty As Dirty Pipe".
Dirty Pipe itself (CVE-2022-0847) was discovered earlier by Max Kellermann.
In short, DirtyCred lets an unprivileged local process escalate its privileges: a memory-corruption bug is used to free the process's own unprivileged kernel object (a struct cred, or a struct file opened read-only), and the kernel is then coaxed into allocating a privileged object into the same heap slot, so the process's stale pointer now refers to privileged data.
DirtyCred was demonstrated against CVE-2022-2588, a use-after-free in the kernel's route4 traffic classifier (net/sched/cls_route.c) reported by Zhenpeng Lin.
On its own, the bug lets a local user crash the system; combined with DirtyCred, it allows local privilege escalation.
The researchers' comparison of Dirty Pipe and DirtyCred is shown in the figure below:
The method is generic: any vulnerability that yields a use-after-free or double-free on a kernel heap object can be turned into this credential swap, with no need for a kernel information leak or a ROP chain. The researchers stated:
“Like the dirty pipe that could bypass all the kernel protections, our exploitation method could even demonstrate the ability to escape the container actively that dirty pipe is not capable of.”
To defend against DirtyCred, the researchers propose the following:
- Today the kernel's slab allocator isolates objects only by type, not by privilege, so root and non-root struct cred objects share one cache and a freed non-root slot can be refilled by a root object.
- Keep privileged credentials separate from unprivileged ones, so the two can never occupy the same slot.
- One way to do that is to allocate privileged credential objects with vmalloc, placing them in a separate virtual-memory region from the slab heap.
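To make both the slab-reuse primitive and the proposed privilege-based isolation concrete, the following is an added user-space model written in C for this article. It is not kernel code, not the researchers' exploit, and not from the original page; the cache layout, the LIFO free list, the `dirtycred_model`/`run_shared_cache`/`run_isolated_caches` names and the uid values 1000 and 0 are all assumptions made for the illustration. It shows why a dangling credential pointer observes root when unprivileged and privileged creds come from one cache, and why a second cache for privileged creds defeats the swap.

```c
#include <stdio.h>
#include <stddef.h>

#define NOBJS 8

/* Cut-down stand-in for struct cred: only the ids matter here. */
struct cred {
    unsigned int uid;
    unsigned int euid;
};

/* A minimal per-type object cache: fixed slots and a LIFO free list,
 * mimicking how a slab cache hands back the most recently freed slot.
 * This is a toy model, not the kernel allocator. */
struct cache {
    struct cred slots[NOBJS];
    int free_stack[NOBJS];
    int nfree;
};

static void cache_init(struct cache *c)
{
    c->nfree = 0;
    for (int i = NOBJS - 1; i >= 0; i--)
        c->free_stack[c->nfree++] = i;
}

static struct cred *cache_alloc(struct cache *c, unsigned int uid)
{
    if (c->nfree == 0)
        return NULL;
    struct cred *o = &c->slots[c->free_stack[--c->nfree]];
    o->uid = uid;
    o->euid = uid;
    return o;
}

static void cache_free(struct cache *c, struct cred *o)
{
    c->free_stack[c->nfree++] = (int)(o - c->slots);
}

/* Stand-in for task_struct: just the credential pointer. */
struct task {
    struct cred *cred;
};

/* The DirtyCred sequence: (1) the bug frees the attacker's cred while
 * task->cred still points at the slot; (2) a privileged kernel path
 * allocates a root cred and, if both live in the same cache, gets the
 * freed slot back. Returns the euid the attacker's task now observes. */
static unsigned int dirtycred_model(struct cache *unpriv_cache,
                                    struct cache *priv_cache)
{
    struct task attacker = { .cred = cache_alloc(unpriv_cache, 1000) };

    cache_free(unpriv_cache, attacker.cred);  /* the invalid free (the bug) */
    cache_alloc(priv_cache, 0);               /* e.g. a setuid exec */
    return attacker.cred->euid;               /* dangling read */
}

/* Type-based isolation (current kernel): one cache for all creds. */
unsigned int run_shared_cache(void)
{
    struct cache creds;
    cache_init(&creds);
    return dirtycred_model(&creds, &creds);
}

/* Privilege-based isolation (proposed defense): root creds come from a
 * separate cache, so the dangling pointer only ever sees unprivileged data. */
unsigned int run_isolated_caches(void)
{
    struct cache unpriv, priv;
    cache_init(&unpriv);
    cache_init(&priv);
    return dirtycred_model(&unpriv, &priv);
}

int main(void)
{
    printf("shared cache:    attacker euid = %u\n", run_shared_cache());
    printf("isolated caches: attacker euid = %u\n", run_isolated_caches());
    return 0;
}
```

The shared-cache run returns euid 0: the slot freed by the bug is the next one handed out, so the privileged object lands exactly where the attacker's task still points. The isolated run returns 1000, the stale unprivileged value: a separate cache (or, in the researchers' proposal, a vmalloc region) means no privileged object can ever be placed into a slot an unprivileged task may still reference.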