Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability
Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data in any read-only file and completely take over affected systems.
The Linux kernel flaw is said to have existed since version 5.8, and it shares similarities with Dirty Cow, which came to light in October 2016.
"A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values," Red Hat explained in an advisory published Monday.
Exploiting the weakness requires performing the following steps: create a pipe, fill the pipe with arbitrary data, drain the pipe, splice data from the target read-only file, and write arbitrary data into the pipe, Kellermann outlined in a proof-of-concept exploit demonstrating the flaw.
Put simply, the vulnerability is high risk in that it allows an attacker to perform a number of malicious actions on the system, including tampering with sensitive files such as /etc/passwd to remove a root user's password, adding SSH keys for remote access, and even executing arbitrary binaries with the highest privileges.
The issue has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, three days after it was reported to the Linux kernel security team.
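As an added example (not from the article, Red Hat, or the kernel project), the version facts above can be turned into a triage check over a kernel inventory. It assumes `uname -r`-style strings, that branches newer than 5.16 ship with the fix, and that any suffix after the version marks a distribution build whose backport status must be confirmed separately; the `classify` and `audit` helpers and the host names are hypothetical.

```python
import re

# Version facts from the article: present since 5.8; fixed upstream in
# 5.16.11, 5.15.25 and 5.10.102.
INTRODUCED = (5, 8)
FIXED_PATCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}

def classify(release):
    """Classify a `uname -r` string against the article's version ranges."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    suffix = m.group(4)
    if branch < INTRODUCED:
        return "not-affected"
    # Assumption: branches newer than the last one listed ship with the fix.
    if branch > max(FIXED_PATCH):
        return "fixed"
    if branch in FIXED_PATCH and patch >= FIXED_PATCH[branch]:
        return "fixed"
    # In the affected range by upstream number. A suffix such as
    # "-30-generic" marks a distribution build, which may carry a backported
    # fix without changing the base version: confirm with the vendor advisory.
    return "check-vendor-advisory" if suffix else "vulnerable"

def audit(inventory):
    """Map host -> status for a {host: kernel release} inventory."""
    return {host: classify(rel) for host, rel in inventory.items()}

# Constructed sample inventory (host names and releases are illustrative).
SAMPLE = {
    "web01": "5.4.0-100-generic",
    "web02": "5.13.0-30-generic",
    "db01": "5.10.101",
    "db02": "5.10.102",
    "ci01": "5.15.25-custom",
    "dev01": "5.17.1",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

A "check-vendor-advisory" result is not a clean bill of health: it means the upstream number falls in the affected range and only the distribution's own advisory can say whether that build is patched.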
News URL
https://thehackernews.com/2022/03/researchers-warn-of-linux-kernel-dirty.html