Security News > 2022 > March > QNAP warns severe Linux bug affects most of its NAS devices

QNAP warns severe Linux bug affects most of its NAS devices
2022-03-14 16:09

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges.

The 'Dirty Pipe' security bug affects Linux Kernel 5.8 and later versions, even on Android devices.

While a patch was released for the security flaw one week ago with Linux kernels versions 5.16.11, 5.15.25, and 5.10.102, QNAP says that its customers will have to wait until the company releases its own security updates.

QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS. QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS. You can find a complete list of all affected models on this kernel list page under the "Kernel Version 5.10.60" entry.

QNAP added that none of its NAS devices running QTS 4.x are affected and vulnerable to attacks.

Until QNAP releases security updates to address the Dirty Pipe vulnerability, you should ensure that your NAS device is not exposed to Internet attacks to block attempts to gain local access.


News URL

https://www.bleepingcomputer.com/news/security/qnap-warns-severe-linux-bug-affects-most-of-its-nas-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
Qnap 80 4 97 122 76 299