In Local Privilege Escalation Vulnerability in Linux (Dirty Pipe), Taiwanese hardware vendor QNAP is reporting that most of its (NAS) devices are vulnerable to a high severity Linux vulnerability which allows local access users to gain root privileges. Excerpts:
A local privilege escalation vulnerability, also known as “dirty pipe”, has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x.
Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available.