DirtyCred
Zhenpeng Lin, Yuhang Wu, Xinyu Xing
2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security30 citationsDOI
Abstract
The kernel vulnerability DirtyPipe was reported to be present in nearly all versions of Linux since 5.8. Using this vulnerability, a bad actor could fulfill privilege escalation without triggering existing kernel protection and exploit mitigation, making this vulnerability particularly disconcerting. However, the success of DirtyPipe exploitation heavily relies on this vulnerability's capability (i.e., injecting data into the arbitrary file through Linux's pipes). Such an ability is rarely seen for other kernel vulnerabilities, making the defense relatively easy. As long as Linux users eliminate the vulnerability, the system could be relatively secure.
Topics & Concepts
Vulnerability (computing)ExploitLinux kernelComputer scienceComputer securityKernel (algebra)File systemOperating systemVulnerability managementVulnerability assessmentPsychologyMathematicsPsychological resilienceCombinatoricsPsychotherapistSecurity and Verification in ComputingAdvanced Malware Detection TechniquesDiamond and Carbon-based Materials Research