QNAP devices vulnerable to Dirty Pipe Linux exploit
Overview
A vulnerability in the Linux kernel (CVE-2022-0847) allows a user to overwrite data in read-only files. The bug affects kernel versions from 5.8 onward, including those running on Android devices.
QNAP have confirmed that their NAS devices are vulnerable, with no patch available.
Impact
An unprivileged local Linux user could use this flaw to escalate their privileges on the system.
Vulnerability Detection
Check the running kernel version.
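One way to script that check, as an added example that is not part of the original advisory: a POSIX shell function that compares a `uname -r` string with the range given here (5.8 up to, but not including, 5.17-rc6). The function name and return codes are assumptions of this example, and it compares version numbers only, so a kernel inside the range that carries a backported fix is still reported as affected.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the range this advisory
# gives (5.8 up to, but not including, 5.17-rc6).
# Returns 0 = inside the range, 1 = outside it, 2 = string not understood.
in_advisory_range() {
    kr=$1
    case $kr in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    base=${kr%%-*}                      # "5.10.60" from "5.10.60-vendor"
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}             # drop a trailing "+" and similar
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    rc=0                                # 0 means "not a release candidate"
    case $kr in
        *-rc[0-9]*) rc=${kr##*-rc}; rc=${rc%%[!0-9]*} ;;
    esac
    # Anything outside the 5.8 .. 5.17 series is outside the stated range.
    [ "$major" -eq 5 ] || return 1
    [ "$minor" -ge 8 ] || return 1
    [ "$minor" -le 17 ] || return 1
    # In the 5.17 series only rc1 to rc5 come before rc6.
    if [ "$minor" -eq 17 ]; then
        [ "$rc" -ge 1 ] && [ "$rc" -lt 6 ] && return 0
        return 1
    fi
    return 0
}

# Report on the kernel that is running now.
running=$(uname -r)
in_advisory_range "$running" && verdict=0 || verdict=$?
case $verdict in
    0) echo "$running: inside the affected range, treat as vulnerable" ;;
    1) echo "$running: outside the affected range" ;;
    *) echo "$running: unrecognised release string, check manually" ;;
esac
```

Treat an "inside the affected range" result as a prompt to confirm against the vendor's advisory for that device, since the release string does not show which fixes a vendor kernel includes.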
Affected Products
Dirty Pipe affects Linux kernel versions prior to 5.17-rc6.
– QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS.
– QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS.
Containment, Mitigations & Remediations
No patch is currently available. When one is released, it should be applied as an emergency change.
Access to the device should be restricted with network access controls.
Indicators of Compromise
None
Threat Landscape
There has been a string of local privilege escalation (LPE) vulnerabilities in Linux lately, including the polkit exploit, and one in eBPF.
Linux LPEs are mostly a concern for shared hosting providers who grant users unprivileged access to servers. Unpatched Network Attached Storage devices will be of interest to ransomware groups looking to get around access controls.
MITRE Methodologies
T1068 – Exploitation for Privilege Escalation
Further Information
Local Privilege Escalation Vulnerability in Linux (Dirty Pipe)