Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2022.0061
The Dirty Pipe Vulnerability affecting Linux kernel
8 March 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux kernel
Operating System: Linux variants
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0847
Reference: ESB-2022.0944
Comment: CVSS (Max): 7.8 CVE-2022-0847 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
OVERVIEW
A linux kernel vulnerability (Dirty Pipe) has been reported which
allows an existing user to escalate privileges on the system to root.[1]
IMPACT
Successful exploitation allows a local user to inject and overwrite data
in read-only files, including SUID processes that run as root.[1]
A Proof-of-concept exploit is available publicly.[2]
The following vulnerability has been addressed:
CVE-2022-0847
All major distros using Linux kernel since 5.8 are affected.[2]
This includes Red Hat Enterprise Linux 8 and Debian Bullseye (11).[4][5]
MITIGATION
It is advised to upgrade the affected Linux kernel to the latest release if available. [3]
REFERENCES
[1] New Linux bug gives root on all major distros, exploit released
https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/
[2] The Dirty Pipe Vulnerability
https://dirtypipe.cm4all.com/
[3] Kernel fixed version commit
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903
[4] Red Hat advisory
https://access.redhat.com/security/cve/cve-2022-0847
[5] Debian advisory
https://security-tracker.debian.org/tracker/CVE-2022-0847
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYia0o+NLKJtyKPYoAQgAUg//RNvIplF+er6/YcUtiNkzgRY2Gvb9vIa9
Vd3lB0tCZXjNHO+5tlloHEbc1v4TLdOwFUaQU7MKO9/o6mxArYuLnC5sMXzKKRw8
w572Zta7lC5Xd441i2jzoiWoxYLGs7wlsVeAY1KT2r4+M//R0oYGrDaZAaIxTqBe
QJwqL+W5HBtrXqBYMEmuAFLnTBQQRhLOpMtDT1mA5EAZ1ceeI34daWQFVnWMlhqv
y7sRE5elmsAbSC8kEcBS8tCulIy+RREmBBwyfTNIhc9WMsRV+Oy/K5hznoLL+2JD
Tz1BnaZtD9JtJuaW02JjxHnOtAGh7mxnOp/xpvfFMKdw9yCc3G3ttzYZUFOLMO3n
X3H6vX4AX86k7722QlRlEL/tIItIwydE5+ajh+GNKHUbBvOawOo7DAOcoBEIp5vR
HX+hYjR1XILOXprYGTS4cODk+wrDfcBDYRG0DtuN+8yImuYzTnn7IReBIb6grnfs
GqmdssAPDCA7t4THwDMNmclXjQfS1CQQK7PeOwrUmFoIifsMvf/pHc3J2757IZET
imF8gpMl7yoxuk3OZdO2ZCBQTKcsZny1WzntXKa3W81+FMihXy+XZka7xfECbd3j
cpZbupRSlKdFClhFxcmp/rfW3Tgzdfyrb60MEpY9NEctq5wo5ZTk44IWFab3Inob
5DVAs8G/c7w=
=OZ2w
-----END PGP SIGNATURE-----