A new vulnerability in the Linux kernel is the worst in years, and it could allow attackers to execute arbitrary code or cause a denial of service (DoS) attack. The vulnerability, which is known as “New Dirty Pipe,” was discovered by researchers at Google Project Zero and is being called the “worst Linux vulnerability since 2.6.” It affects kernel versions 3.10 through 3.19, and it can be exploited through a flaw in the way that the kernel handles pipes. If an attacker can control a pipe, they can send data through it without first verifying its authenticity or checking for errors. This allows them to read or write data without knowing its destination or condition, which could result in a DoS attack or even complete system failure. The New Dirty Pipe vulnerability is particularly dangerous because it’s easy to exploit and can cause significant damage to systems. It’s important that users of affected kernels update their software as soon as possible so that they’re not at risk of this attack.
Apparently, the vulnerability in the Linux kernel has been around since version 5.8, which was released in August 2020. It’s tracked as CVE-2022-0847. It allows overwriting data in arbitrary read-only files, which means attackers can escalate privileges, giving them access they shouldn’t have. Once privileges are escalated, they can do all sorts of things on a system.
Creating an SSH key is just one of many actions an attacker can take when exploiting the vulnerability. Another exploit hijacks a SUID binary to create a root shell, and yet another allows untrusted users to overwrite data in read-only files. These are severe attacks that could do all sorts of damage to a system.
“It’s about as severe as it gets for a local kernel vulnerability,” Brad Spengler, president of Open Source Security, wrote in an email to Ars Technica. “Just like Dirty Cow, there’s essentially no way to mitigate it, and it involves core Linux kernel functionality.”
It’s not just Linux computers that are vulnerable. Because Android runs the Linux kernel, any device running kernel 5.8 or later is also susceptible, opening up a slew of people to potential risk. For example, the Pixel 6 and the Samsung Galaxy S22 run version 5.10.43 of the Linux kernel, making these new and popular devices vulnerable.
As far as fixes go, the major Linux distros are working hard to get them out. Ubuntu posted on Twitter, saying, “The @ubuntu kernel team is busy cranking out and testing updated kernels to patch ‘Dirty Pipe’ – expect updates to be available tomorrow with any luck.” We expect other Linux distros to be working on fixes, as well.