A high-severity privilege escalation vulnerability dubbed “Dirty Pipe” was found in the Linux kernel.
Researcher Max Kellermann discovered the Dirty Pipe vulnerability, CVE-2022-0847, and said it has existed in the Linux kernel since version 5.8.
Kellermann wrote in a blog post that the vulnerability “allows overwriting data in arbitrary read-only files” and can “lead to privilege escalation because unprivileged processes can inject code into root processes.”
Dirty Pipe is similar to Dirty COW (CVE-2016-5195), another privilege escalation vulnerability in the Linux kernel found back in 2016.
On April 29, 2021, Kellermann first filed a support ticket about file corruption. However, it was not until February 19, 2022 that the file corruption issue was identified as an exploitable Linux kernel vulnerability.
The finding was subsequently reported to the Linux kernel security team and then, after the issue was also reproduced on a Google Pixel 6, to the Android Security Team.
Red Hat issued security advisory RHSA-2022:0819 for the fix on March 4, 2022 (last updated March 11):
“A flaw was found in the way the ‘flags’ member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.”
The CVE-2022-0847 vulnerability (NIST CVSS score of 7.8) was fixed in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102.
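The version ranges above (affected since 5.8; fixed in 5.16.11, 5.15.25 and 5.10.102) are what an administrator needs to triage a fleet of upstream kernels. The following script is an added example, not code from the article or from the kernel project: it parses a `uname -r` style release string and classifies it against those ranges. The branch table and the 5.8 cutoff come from the article; the assumption that mainline 5.17 and later ship with the fix is mine and is marked as such in the code. It deliberately treats the 5.8, 5.9 and 5.11–5.14 branches, for which the article lists no fixed release, as vulnerable.

```python
import platform
import re

# First fixed patch level on each maintained branch named in the article.
FIXED_IN = {
    (5, 16): 11,
    (5, 15): 25,
    (5, 10): 102,
}
FIRST_AFFECTED = (5, 8, 0)          # the article: bug present since 5.8
# Assumption (not stated in the article): mainline 5.17 and later contain the fix.
FIRST_UNAFFECTED_MAINLINE = (5, 17, 0)


def parse_kernel_version(release):
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.15.25-generic' or '5.16.0-rc3'. A missing patch level counts as 0."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def dirty_pipe_status(release):
    """Return 'not_affected', 'fixed' or 'vulnerable' for an upstream kernel
    version string, using only the version ranges given in the article."""
    v = parse_kernel_version(release)
    if v < FIRST_AFFECTED:
        return "not_affected"       # older than 5.8: bug not yet introduced
    if v >= FIRST_UNAFFECTED_MAINLINE:
        return "not_affected"       # assumption: fix mainlined before 5.17
    fixed_patch = FIXED_IN.get((v[0], v[1]))
    if fixed_patch is not None and v[2] >= fixed_patch:
        return "fixed"
    # Either a patch level below the fix on a maintained branch, or a branch
    # (5.8, 5.9, 5.11-5.14) for which the article lists no fixed release.
    return "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    try:
        print(f"{running}: {dirty_pipe_status(running)} (upstream version check only)")
    except ValueError as err:
        print(err)
```

The check is only meaningful for kernels built from upstream stable releases. Distribution kernels such as the ones covered by RHSA-2022:0819 backport the fix under their own package versions, so for those the distribution's advisory and package version, not the upstream version string, is the authoritative source.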