32.Lock Code Circular

Researchers have revealed details about a long-standing security vulnerability that has been present in the Linux kernel for over eight years. The cybersecurity analysts from Northwestern University (Zhenpeng Lin, Yuhang Wu, and Xinyu Xing) described it as “As Nasty As Dirty Pipe”.

As an outcome of the investigation, Max Kellermann discovered and reported the Dirty Pipe flaw as CVE-2022-0847 with a CVSS score of 7.8. The nasty Linux kernel vulnerability the researchers describe is dubbed “DirtyCred.”

With DirtyCred, privileged credentials are swapped in for unprivileged ones in order to escalate privileges. Rather than overwriting critical kernel data fields, DirtyCred uses the heap memory reuse method to gain privileges.