Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0061 The Dirty Pipe Vulnerability affecting Linux kernel 8 March 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel Operating System: Linux variants Resolution: Patch/Upgrade CVE Names: CVE-2022-0847 Reference: ESB-2022.0944 Comment: CVSS (Max): 7.8 CVE-2022-0847 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H OVERVIEW A linux kernel vulnerability (Dirty Pipe) has been reported which allows an existing user to escalate privileges on the system to root.[1] IMPACT Successful exploitation allows a local user to inject and overwrite data in read-only files, including SUID processes that run as root.[1] A Proof-of-concept exploit is available publicly.[2] The following vulnerability has been addressed: CVE-2022-0847 All major distros using Linux kernel since 5.8 are affected.[2] This includes Red Hat Enterprise Linux 8 and Debian Bullseye (11).[4][5] MITIGATION It is advised to upgrade the affected Linux kernel to the latest release if available. [3] REFERENCES [1] New Linux bug gives root on all major distros, exploit released https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/ [2] The Dirty Pipe Vulnerability https://dirtypipe.cm4all.com/ [3] Kernel fixed version commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903 [4] Red Hat advisory https://access.redhat.com/security/cve/cve-2022-0847 [5] Debian advisory https://security-tracker.debian.org/tracker/CVE-2022-0847 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYia0o+NLKJtyKPYoAQgAUg//RNvIplF+er6/YcUtiNkzgRY2Gvb9vIa9 Vd3lB0tCZXjNHO+5tlloHEbc1v4TLdOwFUaQU7MKO9/o6mxArYuLnC5sMXzKKRw8 w572Zta7lC5Xd441i2jzoiWoxYLGs7wlsVeAY1KT2r4+M//R0oYGrDaZAaIxTqBe QJwqL+W5HBtrXqBYMEmuAFLnTBQQRhLOpMtDT1mA5EAZ1ceeI34daWQFVnWMlhqv y7sRE5elmsAbSC8kEcBS8tCulIy+RREmBBwyfTNIhc9WMsRV+Oy/K5hznoLL+2JD Tz1BnaZtD9JtJuaW02JjxHnOtAGh7mxnOp/xpvfFMKdw9yCc3G3ttzYZUFOLMO3n X3H6vX4AX86k7722QlRlEL/tIItIwydE5+ajh+GNKHUbBvOawOo7DAOcoBEIp5vR HX+hYjR1XILOXprYGTS4cODk+wrDfcBDYRG0DtuN+8yImuYzTnn7IReBIb6grnfs GqmdssAPDCA7t4THwDMNmclXjQfS1CQQK7PeOwrUmFoIifsMvf/pHc3J2757IZET imF8gpMl7yoxuk3OZdO2ZCBQTKcsZny1WzntXKa3W81+FMihXy+XZka7xfECbd3j cpZbupRSlKdFClhFxcmp/rfW3Tgzdfyrb60MEpY9NEctq5wo5ZTk44IWFab3Inob 5DVAs8G/c7w= =OZ2w -----END PGP SIGNATURE-----