According to reports, “the Linux kernel flaw has existed since version 5.8, with the vulnerability sharing similarities. The flaw, dubbed ‘Dirty Pipe’ by IONOS software developer Max Kellermann (CVE-2022-0847, CVSS score: 7.8), leads to privilege escalation because unprivileged processes can inject code into root processes.”
Kellermann stated that the bug was discovered after investigating a support issue raised by one of the cloud and hosting provider’s customers, which involved a case of “surprising kind of corruption” affecting web server access logs.
Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel, which could allow an attacker to overwrite data in arbitrary read-only files and take complete control of affected systems.
Red Hat explained that “A flaw was discovered in the way the ‘flags’ member of the new pipe buffer structure was lacking proper initialization in the Linux kernel’s copy_page_to_iter_pipe and push_pipe functions and could thus contain stale values.”
Pipe, short for pipeline, is a unidirectional inter-process communication mechanism in which a series of processes are chained together, with each process taking input from the previous process and producing output for the next.
Kellermann demonstrated in a proof-of-concept (PoC) exploit that exploiting the weakness requires the following steps: create a pipe, fill it with arbitrary data, drain it, splice data from the target read-only file, and write arbitrary data into the pipe.
“To make this vulnerability even more exciting, it not only works without write permissions but also with immutable files, read-only btrfs snapshots and read-only mounts. This is due to the fact that the page cache is always writable and writing to a pipe never checks any permissions.”
Finally, the researchers concluded that “the problem was fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102, three days after it was reported to the Linux kernel security team. Google, for its part, has committed to incorporating the fixes into the Android kernel on February 24, 2022. Given the ease with which the security flaw can be exploited and the release of the proof-of-concept exploit, users should update Linux servers immediately and apply patches for other Linux as soon as they become available.”
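As an added example (not part of the article or of Kellermann’s write-up), the following POSIX shell function turns the affected and fixed version numbers above into a quick triage check of a kernel version string such as the output of `uname -r`. It assumes the upstream thresholds quoted in the article (affected from 5.8, fixed in 5.10.102, 5.15.25 and 5.16.11) and that 5.17 and later carry the fix; it does not account for distribution kernels that backport the fix without changing the version number, so an “affected” result means “consult the vendor advisory”, not “exploitable”.

```shell
#!/bin/sh
# Added example: classify a kernel version string against the CVE-2022-0847
# (Dirty Pipe) upstream fix versions named in the article.
# Prints one of: unaffected, affected, fixed.  Always returns 0.
# Caveat: distro kernels (RHEL, Ubuntu, ...) backport fixes without bumping
# the upstream version, so "affected" here only means "check the vendor advisory".
dirty_pipe_status() {
    # Keep only the leading dotted numeric part, e.g. "5.15.25-0ubuntu" -> "5.15.25".
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    IFS=. read -r major minor patch <<EOF
$v
EOF
    patch=${patch:-0}
    minor=${minor:-0}

    # Everything before 5.8 predates the bug.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo unaffected
        return 0
    fi

    # 5.17 and later (and any 6.x) already contain the fix (assumption stated in lead-in).
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo fixed
        return 0
    fi

    # Stable series that received the fix, per the article: 5.16.11, 5.15.25, 5.10.102.
    case "$minor" in
        16) [ "$patch" -ge 11 ]  && { echo fixed; return 0; } ;;
        15) [ "$patch" -ge 25 ]  && { echo fixed; return 0; } ;;
        10) [ "$patch" -ge 102 ] && { echo fixed; return 0; } ;;
    esac

    # 5.8 <= version < fix, or an EOL series (5.9, 5.11-5.14) that never got it.
    echo affected
    return 0
}

# Usage on the running system: dirty_pipe_status "$(uname -r)"
```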