How can we help?
A vulnerability in the Linux kernel (CVE-2022-0847) would allow a user to overwrite data in read-only files. The bug affects versions from 5.8, including Android devices.
QNAP have confirmed that their NAS devices are vulnerable, with no patch available.
An unprivileged local Linux user could use this flaw to escalate their privileges on the system.
Check the running kernel version.
Dirty Pipe affects Linux kernel versions prior to 5.17-rc6.
– QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS.
– QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS.
Containment, Mitigations & Remediations
There is currently no patch available but, when there is, it should be applied as an emergency change.
Access to the device should be controlled by network security access controls.
Indicators of Compromise
Linux LPEs are mostly a concern for shared hosting providers who grant users unprivileged access to servers. Unpatched Network Attached Storage devices will be of interest to ransomware groups looking to get around access controls.
T1068– Exploitation for Privilege Escalation