Security experts have identified a major new Linux vulnerability called 'Dirty Pipe'. The vulnerability might allow remote attackers to get root-level access to Linux computers, allowing them to carry out a variety of destructive acts.
The person who uncovered the vulnerability is a security specialist named Max Kellermann. The official identifier for Dirty Pipe is CVE-2022-0847. He found the weakness while investigating corrupted access log files for one of his company's customers.
According to Kellermann, Dirty Pipe is a lot more dangerous than the earlier Dirty COW vulnerability, because the Dirty Pipe variant is easier to exploit.
What is notable is that this vulnerability has been present since Linux version 5.8, so it potentially affects every later version as well.
How Can the Dirty Pipe Vulnerability Attack?
The CVE-2022-0847 vulnerability allows overwriting data in arbitrary read-only files, which can lead to privilege escalation: unprivileged processes can inject code into root processes.
The attacker must have read access to the target file, the target offset must not lie on a page boundary, the write cannot cross a page boundary, and the file cannot be expanded.
Kellermann also provided an overview of how the Dirty Pipe vulnerability is exploited:
- Create a pipe;
- Fill it with arbitrary data (to set the PIPE_BUF_FLAG_CAN_MERGE flag in all ring entries);
- Drain it (leaving the flag set in all struct pipe_buffer instances on the
- Splice data from the target file into the pipe from just before the target offset;
- Fill the pipe with any data you choose;
- This data will overwrite the cached file page;
- It will not construct a new anonymous struct pipe_buffer as the
What Could the Dirty Pipe Vulnerability Exploit?
Creating an SSH key is just one of many options available to an attacker exploiting the vulnerability. Another is producing a root shell by hijacking a SUID binary, and another is letting untrusted, unprivileged users overwrite data in read-only files. These are serious attacks that can cause a system to fail in a variety of ways.
Furthermore, Linux computers are not the only ones at risk. Since Android is built on the Linux kernel, any device running version 5.8 or later is vulnerable, which puts a large number of users at risk. The Google Pixel 6 and Samsung Galaxy S22, for example, run Linux kernel 5.10.43, making these new and popular devices vulnerable.
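As an added example (not from this article or from Kellermann's advisory), the following Python check classifies a `uname -r` string against the upstream affected range described above: 5.8 and later, up to the stable releases that shipped the fix. The three fixed versions (5.10.102, 5.15.25, 5.16.11) are hard-coded as an assumption taken from the upstream fix history, not from this article, and should be confirmed against your distribution's advisory; distribution kernels often backport fixes without changing the version string, so a True result is a prompt to check the vendor advisory, not proof of exposure.

```python
import re
from typing import Optional, Tuple

# Assumed first upstream stable releases carrying the CVE-2022-0847 fix.
# Verify against the upstream/vendor advisory before relying on these.
# Stable lines between 5.8 and 5.16 not listed here were end-of-life
# at the time and never received the fix upstream.
FIXED_IN = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_AFFECTED = (5, 8)
LAST_AFFECTED_LINE = (5, 16)   # 5.17 and later were released with the fix


def parse_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.10.43-android12-9-00001-gabcdef' or '5.15.0-25-generic'."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def upstream_vulnerable(release: str) -> Optional[bool]:
    """True if the upstream kernel version lies in the affected range,
    False if it predates 5.8 or carries the fix, None if unparseable.
    Release candidates (e.g. '5.17.0-rc1') are not distinguished from
    final releases, and backported distro fixes are not detected."""
    parsed = parse_release(release)
    if parsed is None:
        return None
    major, minor, patch = parsed
    if (major, minor) < FIRST_AFFECTED:
        return False
    if (major, minor) > LAST_AFFECTED_LINE:
        return False
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return True        # EOL stable line, never patched upstream
    return patch < fixed_patch


if __name__ == "__main__":
    import platform
    rel = platform.release()   # the running kernel's `uname -r`
    print(rel, "->", upstream_vulnerable(rel))
```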
Any attack that grants root access on a Linux machine is dangerous. Once an attacker has root, they have complete control over the target system and may be able to use that position to reach other systems. One mitigating factor is that this vulnerability requires local access, which reduces the risk marginally.
Security teams will resolve the issue as quickly as their expertise allows, and the major Linux distributions are working frantically to get fixes out.