QNAP warns users about privilege escalation bug in Linux kernel – update

QNAP reports that several of its NAS systems are vulnerable to the previously discovered Dirty Pipe bug. This bug allows privilege escalation when attackers access the system locally. The company will later release patches for its systems.

QNAP writes that several of its systems are vulnerable to the bug, which was previously discovered. All x86 NAS systems running QTS version 5.0 or QuTS hero h5.0 or newer are vulnerable. The same goes for ‘certain’ Arm models with those OS versions. QNAP systems running QTS 4 are not vulnerable.

The vulnerability is present in all Linux kernel versions from 5.8 onwards. The bug allows local privilege escalation. This allows attackers with local access to the NAS system to run commands as root and inject their own code. It is not possible to exploit the vulnerability remotely.

The Dirty Pipe vulnerability is designated CVE-2022-0847. It is a flaw in the Linux kernel’s pipe buffer structure, which attackers can exploit to write to pages in the page cache to gain admin privileges on a system. The update has since been patched in the Linux kernel.

QNAP gives the vulnerability a “high” severity level. The company says it is investigating the vulnerability. The nas manufacturer will later release more information and security updates for its systems that fix the vulnerability. It is not known exactly when that will happen.

Update, 11.12: The article clarified that it is a Linux vulnerability and not just a bug in QNAP systems.