Researchers say the eight-year-old Linux kernel security flaw is “as terrible as Dirty Pipe,” and details about it have already surfaced. The security hole, dubbed DirtyCred by a group of Northwestern University academics, uses a bug that was previously undiscovered (CVE-2022-2588) to escalate privileges to the highest level.
“DirtyCred is a kernel exploitation concept that replaces unprivileged kernel credentials with privileged ones to escalate privilege,” researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing observed. Read More…