Critical local privilege escalation vulnerability affects millions of Linux devices. Exploit code published

Cybersecurity specialists report the detection of a critical privilege escalation vulnerability in version 5.8 of the Linux kernel. Tracked as CVE-2022-0847 and nicknamed Dirty Pipe, the vulnerability was introduced in kernel versions 5.16.11, 5.15.25 and 5.10.102 and affects multiple distributions.

According to the report, the vulnerability can be exploited by logged-in users or through a running program to obtain root privileges on the system. The researchers indicate that the vulnerability can also be exploited on Android devices with vulnerable kernel versions.

Max Kellermann, the researcher who made the finding, reported the bug to the developers of the Linux project, who issued a fix a few days later. While the affected Linux distributions should already be protected, the process will take a little longer for vulnerable Android smartphones.

The researcher described the vulnerability as a bug introduced during a refactoring of the kernel's pipe handling code, which lets users overwrite the contents of the page cache, eventually reaching the file system. Apparently, the bug is similar to the flaw known as Dirty COW and is even easier to exploit.

The vulnerability can be exploited to add or overwrite data in sensitive read-only files, for example by removing the root password from /etc/passwd, which allows threat actors on the system to gain superuser access, or by temporarily altering a setuid binary to gain root privileges.
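As an added example (not part of the original report), a defender-side check for the /etc/passwd tampering described above: it parses passwd-format text and flags UID 0 entries with an empty password field, a hash stored outside shadow, or a name other than root. The function name, the sample data and the choice of findings are assumptions made for this illustration.

```python
import sys

# Constructed sample: the root entry's password field has been emptied.
SAMPLE_TAMPERED = (
    "root::0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)


def audit_passwd(text):
    """Return a list of findings for UID 0 accounts in passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and NIS compat markers (+/-), which are not accounts.
        if not line.strip() or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append(f"line {lineno}: malformed entry")
            continue
        name, pw, uid = fields[0], fields[1], int(fields[2])
        if uid != 0:
            continue
        if name != "root":
            findings.append(f"line {lineno}: extra UID 0 account '{name}'")
        if pw == "":
            # An empty field means the account needs no password at all.
            findings.append(f"line {lineno}: '{name}' has an empty password field")
        elif pw != "x" and not pw.startswith(("*", "!")):
            # "x" defers to /etc/shadow; "*" or "!" marks a locked account.
            findings.append(f"line {lineno}: '{name}' stores a hash in passwd, not shadow")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    with open(path, encoding="utf-8", errors="replace") as fh:
        results = audit_passwd(fh.read())
    print("\n".join(results) or "no UID 0 anomalies found")
    sys.exit(1 if results else 0)
```

An ordinary read of /etc/passwd is served from the page cache, so the check sees the same contents that login tools see.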

Users running Linux distributions are encouraged to check for and install the relevant updates for their distributions. Android users are advised to wait for Google and smartphone manufacturers to issue the relevant updates. Among affected smartphones, the latest versions of Android for Google Pixel 6 and Samsung Galaxy S22 are now at risk, as they use a kernel after v5.8.
