CM4all researchers have discovered the most dangerous vulnerability in the Linux kernel in recent years (CVE-2022-0847). Dirty Pipe allows you to overwrite the contents of any file on behalf of an unprivileged user.

The vulnerability could be used to perform a variety of actions, including integrating malware, creating unauthorized accounts, and modifying scripts and binaries used by privileged services and applications.

Initially, the researchers worked on a fix for intermittent file corruption in network downloads on a Linux client machine. They eventually realized that the file corruption was due to a bug in the Linux kernel.

“This is about as serious as it gets for a local kernel vulnerability. As with Dirty Cow, there is little to no way to mitigate the impact of the vulnerability, and it affects core functionality of the Linux kernel,” said Brad Spengler, president of Open Source Security.

The Dirty Pipe vulnerability first appeared in the Linux 5.8 kernel, which was released in August 2020. It persisted until last month when a fix was released in releases 5.16.11, 5.15.25, and 5.10.102. It has also been included in the kernel used in the Android platform. Currently, there are multiple versions of Android, and it is not possible to track mobile device models that are affected by the Dirty Pipe vulnerability on a single basis.

The researchers note that the Dirty Pipe vulnerability is "extremely serious because it allows an attacker to temporarily or permanently overwrite files on the system that they should not be able to modify." According to them, attackers can use it to change the behavior of privileged processes, gaining the ability to execute arbitrary code with extended system privileges.

In 2016, a vulnerability was discovered in the Linux kernel related to the processing of the copy-on-write (COW) mechanism by the kernel memory subsystem. By exploiting the bug, an unauthorized local user could gain write access to memory mappings, although access should be limited to read-only.

bbabo.Net