Home > Cyber News > CVE-2022-2588: Dirty Cred Linux Kernel Vulnerability
CYBER NEWS

CVE-2022-2588: Dirty Cred Linux Kernel Vulnerability

by   |  Last Update:  |  0 Comments  

CVE-2022-2588: Dirty Cred Linux Kernel Vulnerability
CVE-2022-2588, also known as Dirty Cred, is an eight-year old vulnerability in the Linux kernel that has been described as “as nasty as Dirty Pipe”.

The Connection Between CVE-2022-2588 and CVE-2022-0847

Dirty Pipe, or CVE-2022-0847, was disclosed earlier this year in the Linux kernel since version 5.8.

The flaw could create the possibility for threat actors to overwrite arbitrary data into any read-only files and lead to a complete takeover of exposed systems. Researcher Max Kellermann said Dirty Pipe was similar to the Dirty Cow flaw disclosed in 2016 but easier to exploit. CVE-2016-5195, also known as Dirty Cow and Kernel Local Privilege Escalation, was found in every Linux distribution released in the past nine years, up to 2016.




CVE-2022-2588 or Dirty Cred, on the other hand, is closely tied to the capability of the CVE-2022-0847 vulnerability, according to Red Hat researchers. “For other vulnerabilities without such a pipe-abusive power, the exploitation is still hard to follow the dirty pipe journey and thus brings the same level of security implication,” they added.

CVE-2022-2588 has been described as a use-after-free flaw located in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. The vulnerability allows a local, privileged attacker to crash the system, possibly creating a local privilege escalation issue.

Is There Any Mitigation Against the Dirty Cred Vulnerability?

Mitigation for the vulnerability is either not available or the currently available options don’t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability, the researchers pointed out.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2022-0847: Dirty Pipe Kernel Vulnerability Is Easy to Exploit A new dangerous Linux vulnerability is lurking in unpatched distributions....
  2. The Best Linux Server Distributions in 2017 Gnu/Linux is one of the leading server operating systems due...
  3. Top 15 Linux Security Questions You Didn’t Know You Had Beginner Linux administrators and users should know that even though...
  4. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  5. CVE-2022-0492: Privilege Escalation Linux Kernel Vulnerability A new high-severity Linux kernel vulnerability could have been abused...
  6. CVE-2022-25636: Linux Kernel Netfilter Vulnerability Security researcher Nick Gregory recently discovered and reported a new...
  7. CVE-2020-28588: Information Disclosure Vulnerability in Linux Kernel CVE-2020-28588 is an information disclosure vulnerability in the Linux kernel...
  8. The Most Notorious Linux Bugs and Vulnerabilities (Exploits) Usually the Linux-kernel distributions are all made to be secure...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree