DirtyPipe Enables Critical Attacks on Container Environments
On Mar. 3rd, Linux publicly disclosed DirtyPipe, a critical kernel vulnerability introduced in Linux 5.8 and tracked as CVE-2022-0847. Unprivileged local attackers can exploit DirtyPipe to take over a vulnerable machine by injecting code into root processes, or by overwriting read-only, immutable, or root-owned files. The vulnerability is relatively easy to exploit and enables significant attacks against container environments....