Dirty Pipe: The Latest Serious Linux Kernel Vulnerability is Being Patched

Kevin ArrowsPublished on March 12, 2022
Kevin is a certified Network Engineer
Pipes by LGhelpme, CC BY-SA 4.0

Recently, a very serious vulnerability found in the Linux kernel received the name of Dirty Pipe. It is basically, an escalation of privileges that is put into check the system.

Dirty Pipe & Dirty Cow

Dirty Pipe would be similar to Dirty Cow, another Linux kernel vulnerability exposed in 2016. It had enough to talk precisely for its potential severity.

It was noticed in servers in the beginning, although, the bulk of it was by minor applications in affected Android versions.

Dirty Pipe has similarity with Dirty Cow because in both cases the attack principle is similar. Both allow file writing regardless of the permissions. The difference is that while Dirty Cow was referring to the file copy process (Copy On Write); the Dirty Pipe vector is a ‘pipe’ that allows system process and sends data to other processes. 

The Dirty Pipe vulnerability causes an uninitial variable that facilitates the overwriting of files, regardless of the permissions. That is, using Dirty Pipe, it is possible to overwrite files even when these are read-only. And of course, it could replace root files, by creating an access via SSH to allow remote access.

Dirty Pipe Solution

Dirty Pipe is revealed now, but it was discovered, documented and reported almost a month ago and, in fact, it affects the versions of the Kernel Linux 5.8 (August 2020) onwards, although it would have been fixed in Linux kernel 5.16.11, 5.15.25 and 5.10.102. For more info and the method of exploitation, the vulnerability report is CVE-2022-0847.

But, seriously, do not stress, that it is not worth it. The main GNU/Linux distributions are already preparing their patches for the rest of the affected kernel versions. In addition, it is only exploitable with physical access to the device. There are other variants, although those use less severe vulnerabilities, but allow remote exploitation.

In any case, it may be more complex in the scope of Android. As indicated, mitigation is not possible in Dirty Pipe. It requires an update of the Linux kernel; and sometimes, it takes time for Android to release all of its patches for public.

Tags
Kevin ArrowsPublished on March 12, 2022
Kevin is a certified Network Engineer
ABOUT THE AUTHOR
Photo of Kevin Arrows

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.