Details have emerged of an eight-year-old vulnerability in the Linux kernel that researchers say is "as bad as the Dirty Pipe".
Dubbed DirtyCred by a group of academics from Northwestern University, the technique leverages a previously unknown vulnerability (CVE-2022-2588) to escalate privileges to the highest level.
“DirtyCred is a kernel exploit concept that swaps unprivileged kernel credentials with privileged ones for privilege escalation,” researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted. “Instead of overwriting any important data fields on the kernel heap, DirtyCred abuses the heap memory reuse mechanism to gain privileges.”
This entails three steps:
- Free an in-use unprivileged credential by triggering the vulnerability
- Allocate privileged credentials into the freed memory slot by running a privileged userspace process such as su, mount, or sshd
- Operate as a privileged user
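The second step above depends on an unprivileged process repeatedly launching setuid helpers so that a privileged credential lands in the freed slot. The following is an added detection sketch, not code from the researchers or from the article: it parses a constructed auditd-style execve feed and flags a non-root parent process that spawns a burst of privileged helpers within a short window. The log format, the helper paths, and the window/threshold values are all assumptions chosen for illustration.

```python
"""
Illustrative detection heuristic for the 'allocate privileged credentials'
step of DirtyCred. Added example, not from the paper or the article.
Assumptions: a constructed execve log of the form
    time=<epoch> uid=<n> ppid=<n> pid=<n> exe=<path>
and a fixed set of setuid helper paths (standard locations assumed).
"""
import re
from collections import defaultdict

# Assumed install paths for the helpers named in the article.
PRIVILEGED_HELPERS = {"/usr/bin/su", "/usr/bin/mount", "/usr/sbin/sshd"}

LINE_RE = re.compile(r"time=(\d+) uid=(\d+) ppid=(\d+) pid=(\d+) exe=(\S+)")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE_RE.search(line)
    if not m:
        return None
    t, uid, ppid, pid, exe = m.groups()
    return {"time": int(t), "uid": int(uid), "ppid": int(ppid),
            "pid": int(pid), "exe": exe}


def find_helper_bursts(lines, window=5, threshold=3):
    """Return {ppid: max_launches} for non-root parents that launched at
    least `threshold` privileged helpers inside any `window`-second span.
    Root-owned launches are ignored: the technique starts unprivileged."""
    by_parent = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["uid"] == 0 or ev["exe"] not in PRIVILEGED_HELPERS:
            continue
        by_parent[ev["ppid"]].append(ev["time"])

    alerts = {}
    for ppid, times in by_parent.items():
        times.sort()
        best = 0
        start = 0
        # Sliding window over sorted timestamps: largest count inside any window.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ppid] = best
    return alerts


# Constructed sample: parent 4242 (uid 1000) hammers su four times in 4 s,
# root runs mount once (ignored), parent 5000 runs mount a single time.
SAMPLE_LOG = [
    "time=100 uid=1000 ppid=4242 pid=4300 exe=/usr/bin/su",
    "time=101 uid=1000 ppid=4242 pid=4301 exe=/usr/bin/su",
    "time=101 uid=0 ppid=1 pid=4302 exe=/usr/bin/mount",
    "time=102 uid=1000 ppid=4242 pid=4303 exe=/usr/bin/su",
    "time=103 uid=1000 ppid=4242 pid=4304 exe=/usr/bin/su",
    "time=200 uid=1000 ppid=5000 pid=5100 exe=/usr/bin/mount",
    "garbage line that does not parse",
]


def demo():
    """Run the heuristic over the constructed sample and return the alerts."""
    return find_helper_bursts(SAMPLE_LOG)


if __name__ == "__main__":
    print(demo())  # {4242: 4}
```

A real deployment would read from auditd or an eBPF execve tracer rather than a text file, and the threshold needs tuning per host, since a legitimate script that mounts several filesystems in a loop produces the same burst; the value of the check is as a trigger for closer inspection of that parent process, not as a verdict on its own.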
The new exploitation method, according to the researchers, takes Dirty Pipe to the next level, making it more general and robust so that it can work on any version of the affected kernel.