What Is the ‘Dirty Pipe’ Linux Vulnerability (CVE‑2022‑0847) and How to Protect Your Systems?

The newly disclosed Linux kernel vulnerability CVE‑2022‑0847, dubbed “Dirty Pipe,” affects kernels 5.8 and later (including many Android 12 devices). It allows unprivileged users to overwrite read‑only files and gain root privileges. Proof‑of‑concept and exploit code, as well as patches, have already been released.

21CTO

Recently, CM4all security researcher Max Kellermann discovered a new Linux kernel vulnerability (CVE‑2022‑0847) while tracking corrupted web‑server access logs for a client.

CVE‑2022‑0847 affects Linux kernel 5.8 and later, including the Linux versions used in Android devices. It allows an unprivileged user to inject or overwrite data in read‑only files, leading to privilege escalation and ultimately root access.

The vulnerability works similarly to the 2016 “Dirty Cow” bug (CVE‑2016‑5195) but is easier to exploit.

Named “Dirty Pipe”, the flaw has a CVSS score of 7.8 and is classified as high severity.

Proof‑of‑concept and exploit code have already been published.

Many newly released Android 12 phones run Linux kernel 5.8 or newer, so devices powered by Snapdragon 8 Gen 1, MediaTek Dimensity 8000/9000, Exynos 2200, and Google Tensor are affected.

The issue has been patched in Linux kernels 5.16.11, 5.15.25 and 5.10.102, but numerous Linux servers remain on vulnerable versions.

Although exploiting Dirty Pipe is slightly more complex than Dirty Cow, attackers are expected to use it soon.

Researchers advise users to check their Linux server kernel versions and upgrade promptly if they are running 5.8 or later.
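
The version check advised above can be scripted. The following is an added example, not code from the original article or from the kernel project: the function name `dirtypipe_status` and the sample release strings are constructed for illustration. It assumes that releases newer than the 5.16 series already contain the fix, and it only compares upstream version numbers, so a distribution kernel that backported the patch can still be reported as vulnerable.

```shell
#!/bin/sh
# Classify a kernel release string against the versions named in the article:
# affected from 5.8, fixed in 5.10.102, 5.15.25 and 5.16.11.
# Assumption: anything newer than the 5.16 series already carries the fix.
# Caveat: distro kernels may backport the fix without changing these numbers.

dirtypipe_status() {
    # Keep only the leading numeric part, e.g. "5.15.0-25-generic" -> "5.15.0".
    ver=${1%%[!0-9.]*}
    if [ -z "$ver" ]; then echo unknown; return 0; fi

    # Split on dots into major, minor and patch; missing fields count as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Kernels older than 5.8 are outside the affected range.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Newer than the 5.16 series: treated as fixed (assumption, see above).
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo patched; return 0
    fi
    # Inside 5.8 to 5.16 only three series have a fixed release listed.
    case $minor in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo vulnerable; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample release strings, followed by the running kernel.
for rel in 5.4.0-100-generic 5.8.0 5.10.101 5.10.102 5.15.25 5.16.10 "$(uname -r)"; do
    printf '%-22s %s\n' "$rel" "$(dirtypipe_status "$rel")"
done
```

A "vulnerable" result on a distribution kernel should be confirmed against the vendor's advisory for CVE‑2022‑0847 before drawing conclusions.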

Reference link: https://dirtypipe.cm4all.com/
