What Is the ‘Dirty Pipe’ Linux Vulnerability (CVE‑2022‑0847) and How to Fix It?

Recently, security researcher Max Kellermann from CM4all discovered a new Linux vulnerability (CVE‑2022‑0847) while tracking corrupted web‑server access logs for a client.

CVE‑2022‑0847 affects Linux kernel 5.8 and later, including Linux versions used in Android devices. It allows non‑privileged users to inject or overwrite data in read‑only files, leading to privilege escalation and ultimately root access.

The flaw works similarly to the 2016 “Dirty Cow” (CVE‑2016‑5195) bug but is easier to exploit.

The author named the vulnerability “Dirty Pipe”; it has a CVSS score of 7.8, classified as high severity.

Proof‑of‑concept and exploit code have already been published.

According to Android requirements, many newly released Android 12 phones run Linux kernel 5.8 or newer, so devices with Snapdragon 8 Gen 1, Dimensity 8000 series, Dimensity 9000, Exynos 2200 and Google Tensor are affected.

Although the bug has been fixed in Linux kernels 5.16.11, 5.15.25 and 5.10.102, many servers have not yet upgraded and remain vulnerable.

While the exploitation technique is slightly more complex than Dirty Cow, attackers are expected to use it soon.

Researchers recommend checking the kernel version of Linux servers and upgrading promptly if it is 5.8 or newer.

Reference: https://dirtypipe.cm4all.com/