UPDATED 19:58 EDT / MARCH 07 2022

SECURITY

‘Dirty Pipe’ Linux vulnerability allows an attacker to overwrite data

A newly revealed vulnerability in the Linux kernel allows an attacker to overwrite data in arbitrary read-only files.

Detailed today by security researcher Max Kellermann and dubbed “Dirty Pipe,” the vulnerability leads to privilege escalation, since unprivileged processes can inject code into root processes. The vulnerability, officially named CVE-2022-0847, affects Linux kernel 5.8 and later versions, including on Android devices, but has been fixed in Linux versions 5.16.11, 5.15.25 and 5.10.102.

Kellermann explains that he found the vulnerability after receiving a support ticket about corrupt files a year ago. The customer complained that downloaded access logs could not be decompressed. Kellermann confirmed the problem, fixed it manually and closed the ticket, but the issue then occurred again and again.

Each time, the file’s contents looked correct, but there was still an issue. Kellermann dug further and found a “surprising kind of corruption” with a clear pattern.

Kellermann went into detail about how he discovered the issue and how it could be exploited. Although he initially believed the vulnerability was exploitable only while a privileged process writes the file, he later found that Dirty Pipe could be exploited “at (almost) arbitrary positions with arbitrary data.”

After breaking down what is involved, Kellermann submitted the details and a patch to the Linux kernel security team on Feb. 20. Fixes were released for Linux on Feb. 23 and for the Android kernel on Feb. 24.

“Exploitation of Dirty Pipe could allow attackers to take control of systems and destroy or exfiltrate sensitive data,” Paul Zimski, vice president of Product Strategy at information technology operations cloud solution provider Automox Inc., told SiliconANGLE. “Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate.”

Zimski added that it’s highly recommended that IT and security operations administrators prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk.

Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd., noted that any exploit that gives root-level access to a Linux system is a problem.

“An attacker that gains root gains full control over the target system and may be able to leverage that control to reach other systems,” Parkin explained. “The mitigating factor with this vulnerability is that it requires local access, which slightly lowers the risk.”
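For administrators prioritizing the patching recommended above, the following added example (not code from the article or from Kellermann) sorts hosts by the kernel versions the article lists. The function and status names are hypothetical, and it assumes upstream version numbering: distribution kernels that backport the fix keep an older version string, so anything it flags should be confirmed against the vendor's advisory.

```python
import platform
import re

# Version facts from the article: affected from 5.8; fixed in 5.10.102, 5.15.25, 5.16.11.
FIRST_AFFECTED = (5, 8)
FIXED_IN = {(5, 10): 102, (5, 15): 25, (5, 16): 11}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a `uname -r` string such as '5.10.43-android12-9' into (5, 10, 43)."""
    match = _RELEASE_RE.match(release.strip())
    if match is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def classify(release):
    """Classify by upstream version number only (vendor backports are not visible)."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[branch] else "vulnerable"
    if branch > max(FIXED_IN):
        # Assumption: branches newer than 5.16 carry the fix; the article does not list them.
        return "assumed-fixed"
    # Inside the affected range, but the article names no fixed release for this branch.
    return "unlisted-branch"


def triage(inventory):
    """Group hostnames by status so patching can be prioritised."""
    groups = {}
    for host, release in sorted(inventory.items()):
        groups.setdefault(classify(release), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and release strings are made up.
    sample = {"web1": "5.4.0-100-generic", "db1": "5.10.101", "ci1": "5.15.25",
              "phone1": "5.10.43-android12-9", "lab1": "5.13.0-30-generic"}
    if platform.system() == "Linux":
        print("this host:", platform.release(), "->", classify(platform.release()))
    for status, hosts in triage(sample).items():
        print(status, hosts)
```

Hosts in the `vulnerable` and `unlisted-branch` groups are the ones to check first.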
