The Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Dirty Pipe vulnerability and a Windows zero-day patched earlier this month.
Dirty Pipe
CISA added a High severity privilege escalation vulnerability dubbed “Dirty Pipe” in Linux kernel to the Catalog. Researcher Max Kellermann discovered the Dirty Pipe vulnerability CVE-2022-0847 and said the vulnerability had existed in the Linux kernel since version 5.8.
Kellerman wrote in a blog post the vulnerability “allows overwriting data in arbitrary read-only files” and can “lead to privilege escalation because unprivileged processes can inject code into root processes.”
In April 29, 2021, Kellerman first filed a support ticket about file corruption. However, it was not until February 19, 2022 when the file corruption issue was identified as an exploitable Linux kernel vulnerability.
Other vulnerabilities
One of the other Catalog additions include a Critical vulnerability CVE-2022-29464 in WSO2 products that could allow unrestricted file upload and lead to remote code execution.
Another newly added Microsoft Windows User Profile Service Elevation of Privilege (EoP) vulnerability CVE-2022-26904 was one of two zero-days Microsoft patched earlier this month.
CISA also added another Microsoft EoP vulnerability CVE-2022-21919 that was patched in January 2022.
A full list of the most recently added exploited vulnerabilities as of April 15, 2022:
| CVE | Vulnerability Name |
|---|---|
| CVE-2022-29464 | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability |
| CVE-2022-26904 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability |
| CVE-2022-21919 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability |
| CVE-2022-0847 | Linux Kernel Privilege Escalation Vulnerability |
| CVE-2021-41357 | Microsoft Win32k Privilege Escalation Vulnerability |
| CVE-2021-40450 | Microsoft Win32k Privilege Escalation Vulnerability |
| CVE-2019-1003029 | Jenkins Script Security Plugin Sandbox Bypass Vulnerability |