Researchers from Northwestern University have published the details of DirtyCred, a Linux kernel exploitation technique they demonstrated against a use-after-free bug in the kernel's packet scheduler (CVE-2022-2588) that had been present in the kernel code for eight years. The researchers consider it at least as dangerous as the Dirty Pipe vulnerability (CVE-2022-0847) that made headlines at the beginning of the year: it lets an unprivileged local user escalate to root.
DirtyCred is not itself a single vulnerability; CVE-2022-2588 is the bug the researchers used to demonstrate it. The exploitation method works by swapping an unprivileged kernel credential object for a privileged one, so the attacker's process ends up running with the privileged credentials.
“Instead of overwriting any important data fields in the kernel heap, Dirty Cred is abusing the heap’s memory reuse mechanism to gain privileges,” the researchers’ report says.
In essence, an attacker performs three steps: (1) use the vulnerability to free the unprivileged credential object while the attacker's process still references it; (2) get privileged credentials allocated into the freed memory by starting a privileged process (for example su, mount or sshd), whose new credential object lands in the same slot; (3) operate as a privileged user through the still-live reference. Because the technique relies only on the allocator reusing memory rather than on overwriting specific kernel data, the researchers say it takes the Dirty Pipe problem to the next level: the same exploit is more versatile and powerful and works against any kernel version that contains the vulnerable code, without being adapted to each version.
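The three steps above, modelled in user space as an added example (this is not code from the researchers' report or from the Linux kernel). A tiny LIFO slab cache stands in for the kernel's kmem cache that holds every task's struct cred, privileged and unprivileged alike; the reduced struct cred fields, the "extra put" used to model the bug, and the second, isolated-cache variant are all assumptions made for illustration. The second function goes beyond the article and shows why the technique depends on privileged and unprivileged credentials sharing one cache: with separate caches the freed slot can only be refilled by another unprivileged credential.

```c
/* Added example: user-space model of the DirtyCred heap-reuse sequence.
 * Not kernel code; names, fields and the bug model are assumptions. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

#define SLOTS 8
#define CAP_FULL 0xffffffffu   /* assumed stand-in for a full capability set */

/* Reduced stand-in for the kernel's struct cred. */
struct cred {
    uint32_t uid;
    uint32_t euid;
    uint32_t cap_effective;
    int usage;
};

/* One slab cache: fixed-size slots plus a LIFO freelist, so the most
 * recently freed slot is the next one handed out. SLUB's per-CPU freelist
 * behaves this way, which is what makes the reuse predictable. */
struct cache {
    struct cred slot[SLOTS];
    int freelist[SLOTS];
    int nfree;
};

static void cache_init(struct cache *c)
{
    c->nfree = 0;
    for (int i = SLOTS - 1; i >= 0; i--)
        c->freelist[c->nfree++] = i;
}

static struct cred *cache_alloc(struct cache *c)
{
    if (c->nfree == 0)
        return NULL;
    return &c->slot[c->freelist[--c->nfree]];
}

static void cache_free(struct cache *c, struct cred *obj)
{
    int idx = (int)(obj - c->slot);
    obj->usage = 0;                 /* object is dead; memory is not poisoned */
    c->freelist[c->nfree++] = idx;  /* pushed on top: next alloc reuses it */
}

/* Model of prepare_creds(): allocate a cred and fill it in for a task. */
static struct cred *prepare_creds(struct cache *c, uint32_t uid, uint32_t cap)
{
    struct cred *cr = cache_alloc(c);
    assert(cr != NULL);
    cr->uid = uid;
    cr->euid = uid;
    cr->cap_effective = cap;
    cr->usage = 1;
    return cr;
}

/* The three DirtyCred steps on a cache shared by all privilege levels.
 * Returns the uid the unprivileged task sees through its own cred pointer. */
static uint32_t dirtycred_shared_cache(void)
{
    struct cache creds;
    cache_init(&creds);

    /* The attacker's task owns an ordinary uid-1000 cred. */
    struct cred *mine = prepare_creds(&creds, 1000, 0);

    /* Step 1: the vulnerability frees the in-use cred (modelled as an extra
     * put on the refcount) while the task still points at it. */
    cache_free(&creds, mine);

    /* Step 2: a privileged process starts (su, mount, sshd). Its root cred
     * comes from the same cache and the LIFO freelist returns the slot
     * freed a moment ago. */
    struct cred *root = prepare_creds(&creds, 0, CAP_FULL);
    assert(root == mine);   /* same slot: the check that the reuse worked */

    /* Step 3: the attacker's task dereferences its old pointer, which now
     * holds root's credentials. No kernel data field was overwritten. */
    return mine->uid;
}

/* Same sequence with privileged and unprivileged creds in separate caches
 * (an assumed mitigation model, not the kernel's current layout). The freed
 * unprivileged slot is refilled by the next unprivileged task, never root. */
static uint32_t dirtycred_isolated_caches(void)
{
    struct cache unpriv, priv;
    cache_init(&unpriv);
    cache_init(&priv);

    struct cred *mine = prepare_creds(&unpriv, 1000, 0);
    cache_free(&unpriv, mine);                               /* step 1 */
    struct cred *root = prepare_creds(&priv, 0, CAP_FULL);   /* step 2 lands elsewhere */
    struct cred *other = prepare_creds(&unpriv, 1001, 0);    /* next unpriv task reuses the slot */
    assert(root != mine && other == mine);

    return mine->uid;   /* still an unprivileged uid */
}

int main(void)
{
    printf("shared cache:    uid seen = %u\n", dirtycred_shared_cache());
    printf("isolated caches: uid seen = %u\n", dirtycred_isolated_caches());
    return 0;
}
```

The two preconditions a practitioner should check for are visible in the model: the bug must free an object that is still referenced (a use-after-free, double free or invalid free on the credential cache), and the privileged allocation must arrive before anything else takes the freed slot, which is why the exploit triggers su, mount or sshd immediately after the free.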