TLDR: Verify that you’re running a secure Linux kernel version.

Vulnerability Name: CVE-2022-0847 or “Dirty Pipe

What does it do?

This flaw in the Linux Kernel can be easily exploited, giving a local user the ability to overwrite data in read-only files.

What operating systems/software versions are affected?

Linux Kernel 5.8 and later versions are affected, but it’s been fixed in versions 5.16.11, 5.15.25, and 5.10.102.

Why is this a concern?

This flaw is considered extremely easy to exploit and involves core Linux functionality. This vulnerability allows for an extensive range of potential malicious actions that haven’t been fully documented. So far, it’s been proven that this flaw can be exploited to provide an unprivileged local user with root access, or it can be used to leave the root account without a password entirely.

Is there a way to mitigate this?

No, this vulnerability cannot be mitigated.

Are patching or update options available?

There are hundreds of Linux distributions. It’s easiest to check which kernel version you’re using. You can do that by running the following command line:

uname -r

If you’re running a kernel version that is vulnerable, follow up with your specific distribution for patching information.

If you’d like us to verify which kernel version you’re using, you may submit a request with our Support team, and they’ll check for you using SysOps Support.

Where can I learn more about this vulnerability?

The original disclosure explains how this vulnerability was discovered and how the exploit works in more technical detail. And this article by Ars Technica includes several proofs of concept.

If you have any questions, don’t hesitate to reach out to our Support team!

Leave a Reply

Your email address will not be published. Required fields are marked *

two × three =