Network-connected storage (NAS) equipment maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and acquire handle of influenced methods.
“A neighborhood privilege escalation vulnerability, also recognised as ‘Dirty Pipe,’ has been reported to have an affect on the Linux kernel on QNAP NAS managing QTS 5..x and QuTS hero h5..x,” the firm explained. “If exploited, this vulnerability permits an unprivileged person to obtain administrator privileges and inject destructive code.”
The Taiwanese company stated it is continuing to thoroughly look into its products line for the vulnerability and that there is certainly no QNAP NAS managing QTS 4.x are immune to the Dirty Pipe flaw.
Tracked as CVE-2022-0847 (CVSS rating: 7.8), the shortcoming resides in the Linux kernel that could permit an attacker to overwrite arbitrary information into any examine-only information and make it possible for for a comprehensive takeover of susceptible equipment.
The issue has given that been preset in Linux variations 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, a few times just after it was claimed to the Linux kernel security staff.
“At the moment there is no mitigation accessible for this vulnerability,” the firm additional. “We advise people to test back again and set up security updates as before long as they grow to be accessible.”
Located this posting attention-grabbing? Abide by THN on Fb, Twitter and LinkedIn to examine extra exclusive content we publish.
Some parts of this post are sourced from: