Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
2022-03-15 16:58

Dirty Pipe, a recently reported local privilege escalation vulnerability, affects the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x, QNAP advised.

The affected systems are QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS, and QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS. QNAP NAS running QTS 4.x aren't affected.

As pointed out by Linux news site Linuxiac, Dirty Pipe doesn't just threaten Linux machines: since Android is based on the Linux kernel, any device running kernel version 5.8 or later is also vulnerable, endangering a slew of people.

The Common Vulnerabilities and Exposures database describes it as a "flaw in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values."

That's an earlier privilege escalation vulnerability that had already been in Linux for nine years - since 2007 - when it came under public attacks against web-facing Linux servers in 2016.

The Dirty Pipe flaw has been fixed in the latest Linux kernel code, and patches should be available soon for the major distributions.
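The CVE description quoted above names a bug class: a structure member left uninitialized when a buffer slot is reused. The following user-space model is an added example, not kernel code and not from the original article; it shows the stale value next to the corrected initialization, and every name and flag value in it is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* User-space model with hypothetical names; this is not kernel code. */
#define SLOTS 4
#define FLAG_OWNED 0x1u /* constructed flag value set by the normal path */

struct buf { const void *page; unsigned len; unsigned flags; };
struct ring { struct buf slot[SLOTS]; unsigned head; };

static struct buf *next_slot(struct ring *r) {
    return &r->slot[r->head++ % SLOTS]; /* slots are recycled, never cleared */
}

/* Normal path: fills in every member of the slot it takes. */
static void push_owned(struct ring *r, const void *page, unsigned len) {
    struct buf *b = next_slot(r);
    b->page = page; b->len = len; b->flags = FLAG_OWNED;
}

/* Flawed pattern: page and len are set, flags keeps the previous user's value. */
static struct buf *push_ref_flawed(struct ring *r, const void *page, unsigned len) {
    struct buf *b = next_slot(r);
    b->page = page; b->len = len;
    return b;
}

/* Corrected pattern: every member, flags included, is initialized. */
static struct buf *push_ref_fixed(struct ring *r, const void *page, unsigned len) {
    struct buf *b = next_slot(r);
    b->page = page; b->len = len; b->flags = 0;
    return b;
}

/* Recycle every slot once, then take one for a reference and report its flags. */
unsigned flags_on_reused_slot(int fixed) {
    static const char own[] = "own", ref[] = "ref";
    struct ring r;
    memset(&r, 0, sizeof r);
    for (int i = 0; i < SLOTS; i++) push_owned(&r, own, sizeof own);
    struct buf *b = fixed ? push_ref_fixed(&r, ref, sizeof ref)
                          : push_ref_flawed(&r, ref, sizeof ref);
    return b->flags;
}

int main(void) {
    printf("flawed: flags=%#x\n", flags_on_reused_slot(0));
    printf("fixed:  flags=%#x\n", flags_on_reused_slot(1));
    return 0;
}
```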


News URL

https://threatpost.com/most-qnap-nas-devices-affected-by-dirty-pipe-linux-flaw/178920/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 18 373 1435 1137 695 3640
Qnap 93 15 113 112 32 272