New Linux exploit “Dirty Cred” revealed

Obanla Opeyemi

August 23, 2022 - TuxCare expert team

Zhenpeng Lin, a PhD student, and other researchers have uncovered a new Linux kernel exploit called Dirty Cred. The flaw, tracked as CVE-2022-2588, was unveiled at the Black Hat security conference last week.

Dirty Cred is a use-after-free bug in route4_change in the net/sched/cls_route.c filter implementation found in the Linux kernel. This bug allows a local privileged attacker to crash the system, resulting in a local privilege escalation problem.

In order to detect the exploit, Lin worked on an alternative approach to the previously discovered “Dirty Pipe” vulnerability that was targeted at Linux kernel version 8 and later.

Lin’s team was able to uncover a way to exchange Linux kernel data on systems that are vulnerable to Dirty Pipe and the new Dirty Cred.

The researchers’ generic approach can be applied to containers, as opposed to Dirty Pipe, and to Android, ultimately “enabling various bugs to be Dirty Pipe-like.”

The approach used to exploit the vulnerability can elevate a low-privileged user on two different systems, such as CentOS 8 and Ubuntu, with similar exploit code.

Since privileged credentials are not isolated from non-privileged credentials, an attacker may attempt to exchange them. In the case of Dirty Cred, data can be modified to ensure privilege escalation by releasing an in-use unprivileged credential to allocate privileged space in the freed memory slot. This enables attackers to operate as a privileged user.

To protect systems from Dirty Cred attacks, researchers recommend isolating privileged credentials from unprivileged credentials and using virtual memory to prevent cross-cache attacks. Also, a patch is already available on GitHub and consists of isolating task cred using vmalloc.

The sources for this piece include an article in esecuritypanel.
