- Three academics from Northwestern University, who call themselves “DirtyCred”, have found an 8-year-old bug in the Linux kernel.
- The vulnerability allows attackers to swap their unprivileged credentials with the privileged ones, effectively making them an administrator.
- The vulnerability allows attackers to abuse the heap memory reuse mechanism to gain maximum-level privileges.
A group of three academics from Northwestern University named DirtyCred has found a new vulnerability that has existed in the Linux kernel for eight years. The vulnerability is tracked as CVE-2022-2588 and has a severity score of 6.7.
Swapping the credentials
The vulnerability allows attackers to escalate their user privileges to the administrator level by swapping unprivileged credentials with privileged ones in the kernel. This is done by abusing the heap memory reuse mechanism. The DirtyCred team has a very detailed explanation of the process, which can be found here.
The main steps to exploit the vulnerability are:
- Free an unprivileged credential with the vulnerability
- Allocate privileged credentials in the freed memory slot
- Operate as a privileged user
DirtyCred also states that this vulnerability is more dangerous than Dirty Pipe, which affects Linux kernel versions starting from 5.8. Dirty Pipe exploitation was possible, but it had many requirements and was not able to escape from a container. DirtyCred’s vulnerability, however, is a generic one and can escape from a container.
Security researchers recommend setting up isolation between privileged and unprivileged credentials by utilizing virtual memory.
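A simplified user-space model of the memory reuse problem and of the isolation recommendation, added here as an illustration; it is not code from the DirtyCred researchers or from the Linux kernel. The pool, the cred struct and the uid values are constructed for the example, and two separate pools stand in for keeping privileged and unprivileged credentials in different memory regions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (constructed): a fixed-size slot pool with a LIFO free list,
 * so the most recently freed slot is the next one handed out. */
#define SLOTS 4
struct cred { int uid; int in_use; };
struct pool { struct cred slot[SLOTS]; int free_stack[SLOTS]; int top; };

static void pool_init(struct pool *p) {
    memset(p, 0, sizeof(*p));
    for (int i = 0; i < SLOTS; i++)
        p->free_stack[p->top++] = SLOTS - 1 - i;   /* slot 0 ends up on top */
}

static struct cred *pool_alloc(struct pool *p, int uid) {
    if (p->top == 0)
        return NULL;                               /* pool exhausted */
    struct cred *c = &p->slot[p->free_stack[--p->top]];
    c->uid = uid;
    c->in_use = 1;
    return c;
}

static void pool_free(struct pool *p, struct cred *c) {
    c->in_use = 0;
    p->free_stack[p->top++] = (int)(c - p->slot);
}

/* Returns the uid visible through a stale reference to an unprivileged
 * credential after a privileged credential has been allocated.
 * isolate = 0: both kinds share one pool.
 * isolate = 1: privileged credentials come from their own pool. */
static int stale_uid_after_reuse(int isolate) {
    struct pool shared, priv_only;
    pool_init(&shared);
    pool_init(&priv_only);
    struct cred *task_cred = pool_alloc(&shared, 1000);   /* unprivileged */
    pool_free(&shared, task_cred);     /* the bug: freed while still referenced */
    (void)pool_alloc(isolate ? &priv_only : &shared, 0);  /* privileged */
    return task_cred->uid;             /* what the stale reference now reads */
}

int main(void) {
    printf("shared pool:   stale reference reads uid %d\n", stale_uid_after_reuse(0));
    printf("isolated pool: stale reference reads uid %d\n", stale_uid_after_reuse(1));
    return 0;
}
```

With a shared pool the stale reference ends up pointing at the privileged object; with separate pools the freed slot can only be refilled by another unprivileged credential.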
FAQ
What is the most recent Linux kernel?
The latest version of the Linux kernel is 6.2, and it was released on February 20, 2023. The latest LTS (Long-Term Support) version of the Linux kernel is 6.1, and it was released on December 11, 2022.
How do you check the installed Linux kernel version?
You can check the Linux kernel version of your system with three different methods. You can use the uname -r command to quickly check the Linux kernel version. You can also use cat /proc/version to read the version from a file. Installing the neofetch application is also an option; it shows the kernel version and provides additional information about the other packages installed as well.
Can the Linux kernel be customized?
Yes, the Linux kernel can be customized. You can customize the Linux kernel by enabling or disabling specific options, and even adding new functionalities. But it’s a complicated process; you can check online guides about customizing the Linux kernel.
Is it legal to edit the Linux kernel?
Yes, it is legal to edit the Linux kernel since it is licensed under the General Public License.
Is the Linux kernel open source?
Yes, the Linux kernel is an open-source project.
Who developed the Linux kernel?
Linus Torvalds developed the Linux kernel and is still developing it.
Does Linus Torvalds still work on Linux?
Yes, Linus Torvalds still works on developing the Linux kernel.
What is the Linux kernel written in?
Linux kernel code is written in the standard C programming language.