'Dirty Pipe' Kernel Bug Enables Root Access, Patched via Linux Distros

While using Linux, check for and install security updates from the distro.

 

Dirty Pipe is a Linux local privilege escalation vulnerability that has been publicly disclosed together with a proof-of-concept exploit. It was responsibly disclosed by security researcher Max Kellermann, who indicated it impacts Linux kernel 5.8 and later versions, as well as Android devices.

CVE-2022-0847 is a weakness in the Linux kernel which was introduced in version 5.8 and resolved in versions 5.16.11, 5.15.25, and 5.10.102.

Kellermann discovered the flaw while investigating a bug that was corrupting one of his customers' web server access records. The vulnerability, according to Kellermann, is similar to the Dirty COW vulnerability (CVE-2016-5195), which was addressed in 2016.

Because of a refactoring error, a bug in the kernel's pipe handling code allows a user program to overwrite the contents of the page cache, which ultimately make their way into the file system. It is similar to Dirty COW, but relatively easier to exploit.

If you run Linux, check for and install security updates from your distro. If you're using Android, wait for Google (and maybe your manufacturer and/or carrier) to send you an update; because it runs a kernel older than 5.8, the current version of Android for the Google Pixel 6 and the Samsung Galaxy S22 is currently in jeopardy.

Kellermann released a proof-of-concept (PoC) exploit as part of the Dirty Pipe disclosure. It allows local users to inject their own content into sensitive read-only files, removing limitations or modifying settings to give themselves wider access than they would normally have.

However, security researcher BLASTY disclosed an improved exploit today which makes gaining root privileges easier by altering the /usr/bin/su command to dump a root shell at /tmp/sh and then invoking the script.

Starting on February 20th, 2022, the vulnerability was responsibly disclosed to several Linux maintainers, including the Linux kernel security team and the Android Security Team. Although the defect has been resolved in Linux kernels 5.16.11, 5.15.25, and 5.10.102, numerous servers continue to run outdated kernels, making the public disclosure of this vulnerability a major concern for server admins.

Furthermore, because of the ease with which the vulnerability can be used to acquire root access, it will only be a matter of time before threat actors start exploiting it in attacks. Malware has previously used the comparable Dirty COW vulnerability, which was more difficult to exploit.

This flaw is particularly concerning for web hosting companies that provide Linux shell access, as well as colleges that frequently provide shell access to multi-user Linux systems. It has been a difficult year for Linux, with a slew of high-profile privilege-escalation flaws exposed.
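For admins triaging the outdated kernels mentioned above, the following added example (not code from the article or from any of the researchers named) classifies a kernel release string against the version ranges the article quotes. The function name `dirty_pipe_status` is hypothetical, and treating every series after 5.16 as fixed is an assumption.

```shell
#!/bin/sh
# Added example, not code from the article.
# Classifies a kernel release string against the CVE-2022-0847 ranges quoted
# in the article: introduced in 5.8; fixed in 5.16.11, 5.15.25 and 5.10.102.

# Prints one of: not-affected | affected | fixed | unknown
# The body runs in a subshell so IFS and variables do not leak to the caller.
dirty_pipe_status() (
    # Drop any distro suffix ("-13-amd64", "+", "-rc1"): keep digits and dots.
    ver=${1%%[!0-9.]*}
    IFS=.
    set -- $ver
    major=${1:-} minor=${2:-} patch=${3:-0}

    # A usable release needs at least major.minor.
    [ -n "$major" ] && [ -n "$minor" ] || { echo unknown; exit 0; }

    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected   # predates 5.8, where the bug was introduced
    elif [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo fixed          # assumption: series after 5.16 carry the fix
    else
        # 5.8 .. 5.16: only the series named in the article have a fixed release.
        case "$minor" in
            10) fixed_at=102 ;;
            15) fixed_at=25 ;;
            16) fixed_at=11 ;;
            *)  fixed_at= ;;
        esac
        if [ -n "$fixed_at" ] && [ "$patch" -ge "$fixed_at" ]; then
            echo fixed
        else
            echo affected
        fi
    fi
)

# On a live host: dirty_pipe_status "$(uname -r)"
```

Distribution kernels can carry a backported fix without changing the upstream version number, so an `affected` result on a distro kernel means the distro's advisory for CVE-2022-0847 should be checked rather than that the host is definitely exposed.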