“Dirty Pipe” vulnerability

08 Mar 2022

Linux Kernel 5.8 and later versions are vulnerable to a new exploit called Dirty Pipe.

The vulnerability, tracked as CVE-2022-0847, allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root. The vulnerability was discovered by Max Kellermann after he was tracking down a bug that was corrupting web server access logs for one of his customers. The Dirty Pipe exploit is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016.

Due to the ease with which it can be exploited, this vulnerability is especially concerning, and it’s likely that attacks will soon be seen in the wild.

Contact BrightStrike for a thorough assessment of your systems for vulnerabilities, including Dirty Pipe.