A new threat advisory for Linux users has been released, highlighting the DirtyCred vulnerability. Many researchers expected this flaw to be the successor of Dirty Pipe, until now the most destructive exploit against the Linux kernel.
Based on reports, DirtyCred’s exploitation method is more generic than Dirty Pipe’s but just as effective. Moreover, the same attack method works on any version of the affected kernel.
The cybersecurity researchers who first disclosed DirtyCred noted that its exploitation method lets bugs with a double-free capability achieve the same results as Dirty Pipe.
The new flaw bypasses all Linux kernel protections in the same way Dirty Pipe does, and it adds an active container-escape capability that Dirty Pipe lacks.
The significant difference between the two vulnerabilities is that Dirty Pipe affects only Linux kernel versions from v5.8 onwards, whereas DirtyCred affects all Linux architectures and kernel versions.
A threat operator can exploit the DirtyCred vulnerability with an unprivileged credential.
According to the researchers, an attacker abusing DirtyCred must first free an in-use unprivileged credential. The attacker must then cause privileged user-space processes such as mount, sshd, or su to allocate privileged credentials into the vacated memory slot, so that the attacker’s process ends up running as a privileged user.
Anyone who finds a suitable, previously unknown bug can combine it with this method to escalate privileges. Rather than overwriting critical data fields on the kernel heap, DirtyCred abuses the reuse of freed heap memory to obtain the privilege.
The flaw then lets underprivileged processes write to arbitrary readable files, escalating their rights on the targeted system.
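The mechanism described above, and the mitigation the researchers recommend (keeping privileged and unprivileged credentials apart in memory), can be illustrated with a small user-space model. The following C program is an added example written for this page; it is not code from the researchers or the Linux kernel. The `toy_cred` record and the fixed-size `toy_pool` allocator are constructed for the demonstration and only mimic the reuse behaviour of a kernel object cache: a freed slot is handed straight to the next allocation of the same size. The function compares a shared pool, where a stale reference to a freed unprivileged credential ends up reading a privileged one, with segregated pools, where that can never happen.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy credential record, constructed for this example; it is not the kernel's struct cred. */
struct toy_cred {
    uint32_t uid;
    bool privileged;
    bool in_use;
};

#define POOL_SLOTS 4

/* Fixed-size pool that hands out the first free slot, the way an object cache
   recycles a freed object of the same size. */
struct toy_pool {
    struct toy_cred slots[POOL_SLOTS];
};

static struct toy_cred *pool_alloc(struct toy_pool *p, uint32_t uid, bool privileged)
{
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        if (!p->slots[i].in_use) {
            p->slots[i].uid = uid;
            p->slots[i].privileged = privileged;
            p->slots[i].in_use = true;
            return &p->slots[i];
        }
    }
    return NULL;
}

static void pool_free(struct toy_cred *c)
{
    /* Only the bookkeeping flag is cleared; the slot is reusable immediately. */
    c->in_use = false;
}

/*
 * Model of the situation the advisory describes: an unprivileged credential is
 * freed while a reference to it is still held, and a privileged credential is
 * allocated next.  Returns true if the stale reference now reads as privileged.
 *
 * segregated == false: both credentials come from one shared pool.
 * segregated == true:  privileged credentials come from their own pool, so a
 *                      slot vacated by an unprivileged credential can never be
 *                      refilled with a privileged one.
 */
bool stale_reference_sees_privileged(bool segregated)
{
    struct toy_pool unpriv_pool, priv_pool;
    memset(&unpriv_pool, 0, sizeof unpriv_pool);
    memset(&priv_pool, 0, sizeof priv_pool);

    struct toy_pool *pool_for_priv = segregated ? &priv_pool : &unpriv_pool;

    struct toy_cred *stale = pool_alloc(&unpriv_pool, 1000, false); /* unprivileged, uid 1000 */
    pool_free(stale);                                                /* freed, reference kept */
    pool_alloc(pool_for_priv, 0, true);                              /* next privileged allocation */

    /* With a shared pool the privileged object now occupies the freed slot,
       so the stale reference sees privileged == true. */
    return stale->privileged;
}

int main(void)
{
    printf("shared pool:     stale reference privileged = %s\n",
           stale_reference_sees_privileged(false) ? "true" : "false");
    printf("segregated pool: stale reference privileged = %s\n",
           stale_reference_sees_privileged(true) ? "true" : "false");
    return 0;
}
```

The design point is that the mitigation does not remove the dangling reference itself; it removes the possibility that the slot behind it is ever refilled with an object of a more privileged class, which is the step the attack depends on.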
The DirtyCred vulnerability has a critical impact on Linux kernels if abused by a malicious entity. Cybersecurity researchers therefore recommend isolating privileged credentials from unprivileged ones in virtual memory. This measure may help mitigate or avoid the effects of the newly discovered threat.