The most dangerous vulnerability in the last few years was found in the Linux kernel

Linux has discovered a vulnerability (CVE-2022-0847) that allows unverified users to overwrite the contents of any files. You can install backdoors, create unauthorized user accounts, change scripts used in privileged services or applications, and so on.

The vulnerability was named Dirty Pipe, similar to the 2016 Dirty Cow issue, which allowed unverified users to increase privileges on the system. The researchers then showed how you can get root access to any Android phone, regardless of the mobile OS version.

It is noted that Dirty Pipe is easier to operate than its predecessor — and also affects Android systems.

The lowest user «nobody» could use this simple bash script and allows anybody to overwrite data in arbitrary read-only files (CVE-2022-0847)It is similar to CVE-2016-5195 «Dirty Cow» but is easier to exploit. t.co/i8pO7EEHTx #infosec #CVE pic.twitter.com/wzBrtjN4Qw
— nopslide (@nopsIide) March 7, 2022

Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. t.co/q8NtTlbgOZ pic.twitter.com/jxYUKYVCBo
— BLASTY (@bl4sty) March 7, 2022

For the first time, this problem appeared in the Linux 5.8 kernel, which was released in August 2020 and affected almost all Linux distributions. Fixed it last month - with the release of versions 5.16.11, 5.15.25 and 5.10.102.The Fix was also added to the kernel used in Android.

Posted By John Doe

Klarna has a 10% reduction in staff "due to the war in Ukraine": the company laid off about 700 employees via video call (UPD)

Binance will not support Mastercard and Visa cards issued in Russia, and Coinbase blocked 25 thousand wallets of Russians