Security News > 2022 > March > Linux distros patch 'Dirty Pipe' make-me-root kernel bug

Linux distros patch 'Dirty Pipe' make-me-root kernel bug
2022-03-08 04:26

A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code.

Max Kellermann said he found the programming blunder and reported it to the kernel security team in February, which issued patches within a few days.

The bug can be abused to add or overwrite data in sensitive read-only files, such as removing the root password from /etc/passwd allowing anyone on the system to get superuser access.

"There were no blocks added in the last three days at all since the disclosure, and none because of any data leak post/tweet," a spokesperson told us on Monday.

Homomorphic encryption - which allows operations to be performed on encrypted data without having to decrypt and re-encrypt it - has been probed by academics at North Carolina State University, who now claim they have come up with a technique to snoop on data as it is being encrypted and fed into a system.

In effect, it's really just obtaining the data before it's even in the homomorphic system.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/08/in_brief_security/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
Kernel 3 0 7 4 1 12