August 23, 2022 - TuxCare expert team
Zhenpeng Lin, a PhD student, and other researchers have uncovered a new Linux kernel exploitation technique called Dirty Cred. The flaw, tracked as CVE-2022-2588, was unveiled at the Black Hat security conference last week.
Dirty Cred is a use-after-free bug in route4_change in the net/sched/cls_route.c filter implementation found in the Linux kernel. This bug allows a local privileged attacker to crash the system, resulting in a local privilege escalation problem.
In order to detect the exploit, Lin worked on an alternative approach to a previously discovered “Dirty Pipe” vulnerability that was targeted at Linux kernel version 8 and later.
Lin’s team was able to uncover a way to exchange Linux kernel data on systems that are vulnerable to Dirty Pipe and the new Dirty Cred.
The researchers’ generic approach can be applied to containers as opposed to Dirty Pipe and Android, ultimately “enabling various bugs to be Dirty Pipe-like.”
The approach to exploit the vulnerability can be used to elevate a low-privileged user on two different systems, such as CentOS 8 and Ubuntu, with similar exploit code.
Since privileged credentials are not isolated from non-privileged credentials, an attacker may attempt to exchange them. In the case of Dirty Cred, data can be modified to ensure privilege escalation by releasing in-use unprivileged credentials to allocate privileged space in the freed memory slot. This enables attackers to operate as a privileged user.
To protect systems from Dirty Cred attacks, researchers recommend isolating privileged credentials from unprivileged credentials and using virtual memory to prevent cross-cache attacks. Also, a patch is already available on GitHub; it consists of isolating task cred using vmalloc.
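The isolation argument above can be seen in a toy model, added here as an illustration; it is not code from the article, the researchers, or the GitHub patch. The `cache`, `cred` and `stale_uid_after_reuse` names are hypothetical, and the allocator is a simplified stand-in that only models last-freed-first-reused slot behaviour.

```c
#include <stdio.h>

#define SLOTS 4
#define POISON 0x6b6b6b6bu  /* assumed marker written into a freed slot */

struct cred { unsigned uid; };            /* toy stand-in for a credential object */

struct cache {                            /* toy object cache with LIFO reuse */
    struct cred slot[SLOTS];
    int free_stack[SLOTS];
    int top;
};

static void cache_init(struct cache *c) {
    c->top = 0;
    for (int i = SLOTS - 1; i >= 0; i--) c->free_stack[c->top++] = i;
}

static struct cred *cache_alloc(struct cache *c, unsigned uid) {
    if (c->top == 0) return NULL;
    struct cred *p = &c->slot[c->free_stack[--c->top]];
    p->uid = uid;
    return p;
}

static void cache_free(struct cache *c, struct cred *p) {
    p->uid = POISON;                      /* mark the slot as freed */
    c->free_stack[c->top++] = (int)(p - c->slot);
}

/* Returns the uid seen through a stale reference after the next allocation.
 * isolated == 0: one cache holds every credential.
 * isolated == 1: privileged credentials live in their own cache. */
unsigned stale_uid_after_reuse(int isolated) {
    struct cache unpriv, priv;
    cache_init(&unpriv);
    cache_init(&priv);
    struct cred *stale = cache_alloc(&unpriv, 1000); /* in-use unprivileged cred */
    cache_free(&unpriv, stale);           /* freed while still referenced */
    struct cred *root = cache_alloc(isolated ? &priv : &unpriv, 0);
    if (!root) return POISON;
    return stale->uid;                    /* what the stale holder now reads */
}

int main(void) {
    printf("shared cache:   stale uid = %u\n", stale_uid_after_reuse(0));
    printf("isolated cache: stale uid = 0x%x\n", stale_uid_after_reuse(1));
    return 0;
}
```

With one shared cache the stale reference reads uid 0 because the privileged object reuses the freed slot; with separate caches it reads only the freed-slot marker.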
The sources for this piece include an article in esecuritypanel.