Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™



We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847. 

By: Sunil Bharti, April 06, 2022

This blog gives threat analysts a guide to detecting an arbitrary file overwrite vulnerability in the Linux kernel, also known as Dirty Pipe. Dirty Pipe is a local privilege escalation vulnerability tracked as CVE-2022-0847. It has a CVSS score of 7.8 and was discovered by IONOS software developer Max Kellermann.

The vulnerability exists in the Linux kernel. It stems from a flaw in kernel memory management: the way pipe page caches are merged allows other page caches to be overwritten. The vulnerability is easy to exploit and allows a low-privileged user to escalate to root privilege on the host. There have also been various public proof-of-concept exploits.

Attackers can abuse this flaw to write to pages in the page cache of read-only files. They can also execute their code to escalate their privileges on the system.

 The following sections outline

Read More: https://www.trendmicro.com/en_us/research/22/d/detecting-exploitation-of-local-vulnerabilities-through-trend-mi.html