If you're on Linux kernel 5.8 or above and have non-root users, patch your kernel ASAP

Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.

Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw (named Dirty Cow) came to light as it was being used to hack a researcher’s server.

More technical details: https://dirtypipe.cm4all.com/

5 Likes

This is not great.

But unrelated, I’m kind of glad that we’ve passed the phase of:

  1. Finding a vulnerability
  2. Finding a catchy name for the vulnerability
  3. Building a landing page to spread vulnerability awareness as well as promoting your company/firm/what have you
  4. Spread on all social media/influencer sites
  5. ???
  6. Profit
3 Likes