"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

[[correlate]]

Content source

https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe."
Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level.

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe."

thehackernews.com

 

[ForgottenSeer 95367]

Open source is not more secure. There just isn't enough security audits of the kernel code nor the larger Linux code ecosystem, such as repos. Therefore, there are a lot of "Nasty Dirty Pipes" when it comes to Linux. The only thing saving Linux users is the gamble that threat actors do not target Linux. Should you fret or switch away from Linux for security reasons? Unless you are a really unsafe user, probably not.

It would be wise to reduce attack surface (ASR) and harden Linux.