[ad_1]
Community-attached storage (NAS) equipment maker QNAP on Monday warned of a just lately disclosed Linux vulnerability affecting its gadgets that may very well be abused to raise privileges and acquire management of affected techniques.
“A neighborhood privilege escalation vulnerability, often known as ‘Soiled Pipe,’ has been reported to have an effect on the Linux kernel on QNAP NAS working QTS 5.0.x and QuTS hero h5.0.x,” the corporate stated. “If exploited, this vulnerability permits an unprivileged person to realize administrator privileges and inject malicious code.”
The Taiwanese agency stated it is persevering with to completely examine its product line for the vulnerability and that there is no QNAP NAS working QTS 4.x are resistant to the Soiled Pipe flaw.
Tracked as CVE-2022-0847 (CVSS rating: 7.8), the shortcoming resides within the Linux kernel that might allow an attacker to overwrite arbitrary knowledge into any read-only recordsdata and permit for a whole takeover of susceptible machines.
The problem has since been fastened in Linux variations 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, three days after it was reported to the Linux kernel safety crew.
“Presently there isn’t a mitigation out there for this vulnerability,” the corporate added. “We suggest customers to verify again and set up safety updates as quickly as they develop into out there.”
[ad_2]
