If you use a Linux distribution on your computer or an Android smartphone, you should apply the latest updates right away since the Linux kernel has been detected and patched with a serious security issue. The vulnerability, known as CVE-2022-0847 and dubbed “Dirty Pipe,” was identified earlier this year by Max Kellerman, a software developer at the web hosting business IONOS.
Kellerman first became aware of the vulnerability in the Linux kernel since 5.8 after getting customer complaints about corrupted files, according to a comprehensive blog post. Kellerman was able to recognise a pattern and determine that the cause of the fault was in the Linux kernel itself after the identical problem occurred many times after the first report.
Kellerman notified the Linux kernel team the same day about his discovery, and the team swiftly issued a patch to fix the problem. All impacted Linux versions have received a security update, and Google’s Android operating system, which is based on a modified version of the Linux kernel and other open source software, has also been upgraded.
Dirty Pipe vulnerability
Dirty Pipe can be exploited by an attacker to acquire complete control over impacted computers and cellphones if it is left unpatched on susceptible systems. They would be able to read users’ private chats, hack banking apps, and more with this access.
In general, Linux permits each file to have certain permissions for reading, writing, and executing it. An attacker was able to bypass these protection methods due to a flaw in the way memory is maintained for communication between various processes (through so-called pipes).
The Dirty Pipe flaw affects all Linux systems starting with kernel 5.8 and Android smartphones running untrusted apps. According to a recent email from IONOS, while untrusted apps are normally segregated from the operating system as much as possible, the problem might still be duplicated.
Although the problem was rapidly solved by making a modest change to the Linux kernel source code, IONOS held off on disclosing more information about the vulnerability until patches for Dirty Pipe were widely distributed.