A Vulnerability in Linux Kernel Could Allow for Data Overwrite in Arbitrary Read-Only Files - PATCH: NOW - TLP: WHITE
ITS ADVISORY NUMBER:
2022-030
DATE(S) ISSUED:
Thursday, March 10, 2022
SUBJECT:
A Vulnerability in Linux Kernel Could Allow for Data Overwrite in Arbitrary Read-Only Files - PATCH: NOW - TLP: WHITE
OVERVIEW:
A vulnerability has been discovered in the Linux kernel, which could allow for data overwrite in arbitrary read-only files by non-privilege users. Linux is a family of open-source Unix-like operating systems based on the Linux kernel. Successful exploitation of this vulnerability could allow for root privilege escalation.
THREAT INTELLIGENCE:
There is currently a publicly available proof of concept for the exploitation of this vulnerability.
SYSTEMS AFFECTED:
- Linux Kernels version 5.8 to 5.16.10, 5.15.24 and 5.10.101
RISK:
Government:
Large and medium government entities: High
Small government entities: High
Business:
Large and medium business entities: High
Small business entities: High
Home Users: Medium
DESCRIPTION:
A vulnerability has been discovered in the Linux kernel, which could allow for data overwrite in arbitrary read-only files by non-privilege users. Linux is a family of open-source Unix-like operating systems based on the Linux kernel. Successful exploitation of this vulnerability could allow for root privilege escalation through the editing of administrative files such as /etc/passwd.
ACTIONS:
We recommend the following actions be taken:
- Update affected systems to kernel versions that have remediated the vulnerability.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
Git:
https://learn.cisecurity.org/e/799323/4e13b2a0546fee6737ee4446017903/rrg...
Max Kellerman:
https://dirtypipe.cm4all.com/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847