Security News > 2022 > March > Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems.

The Linux kernel flaw is said to have existed since version 5.8, with the vulnerability sharing similarities to that of Dirty Cow, which came to light in October 2016.

"A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy page to iter pipe and push pipe functions in the Linux kernel and could thus contain stale values," Red Hat explained in an advisory published Monday.

Exploiting the weakness requires performing the following steps: Create a pipe, fill the pipe with arbitrary data, drain the pipe, splice data from the target read-only file, and write arbitrary data into the pipe, Kellerman outlined in a proof-of-concept exploit demonstrating the flaw.

Put simply; the vulnerability is high risk in that it allows an attacker to perform a number of malicious actions on the system, including tampering with sensitive files such as /etc/passwd to remove a root user's password, adding SSH keys for remote access, and even executing arbitrary binaries with the highest privileges.

The issue has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, three days after it was reported to the Linux kernel security team.

News URL

https://thehackernews.com/2022/03/researchers-warn-of-linux-kernel-dirty.html