Critical "Nimbuspwn" Vulnerabilities Grant Privilege Elevation on Linux Distributions

Microsoft disclosed a pair of highly impactful vulnerabilities found in the Linux D-Bus, or desktop-bus. The pair, CVE-2022-29799 and CVE-2022-29800, are collectively referred to as “Nimbuspwn” and allow for elevation of privileges to root access on most Linux distributions when exploited.

D-Bus is a message bus system used broadly within Linux to allow inter-process communication between applications. Microsoft gives a great example of how this works; D-Bus would receive a video chat by a tool like Zoom, and once the video is established, Zoom could send a D-Bus signal publishing that a call has started. Applications listening to the message could respond appropriately by muting their audio, for example.

D-Bus components are common on popular Linux desktop environments. Since the components run at different privileges locally and respond to messages on the bus, the components are an attractive target for adversaries. An attacker could use the newly disclosed Nimbuspwn vulnerabilities to leverage D-Bus into escalating privileges. Once an attacker successfully gains root privileges, they could execute arbitrary code on the system, access sensitive data, maintain persistence, or move laterally to other systems.

Recommended action

Details on remediation for both CVE-2022-29799 and CVE-2022-29800 can be found on GitLab. Automox recommends evaluating organizational risk to your infrastructure from Nimbuspwn and remediating as soon as patches are available.

Some operating systems, such as Debian and Ubuntu, have not yet released patches, so you’ll need to monitor for new patches from distributions in your environment.

If you’re using Automox, a “Patch All” policy will ensure that your systems are updated as each distribution releases a patch and Automox scans your endpoints.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.

Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.

Dive deeper into this topic