CVE Series: Dirty Pipe

(CVE-2022-0847)

On February 19th, 2022, the Dirty Pipe vulnerability was discovered: a Linux kernel bug that allows file corruption. A bug report, exploit, and patch were sent to the Linux kernel security team the following day. This low-effort yet highly impactful exploit affects Linux kernels from 5.8 onwards, and it was resolved in versions 5.16.11, 5.15.25, and 5.10.102.

The vulnerability was also reproduced on a Google Pixel 6 device, prompting a bug report to the Android Security Team. Linux released stable versions containing the fix, which Google later integrated into the Android kernel. Public disclosure occurred on March 7th, 2022.

This vulnerability resembles Dirty Cow but is easier to exploit. Upon exploitation, the attacker swiftly gains root privileges regardless of the account used, which gives them the power to carry out ransomware attacks, data theft, asset destruction, and more.

What's in a Pipe?

In Linux, the "pipe" is a fundamental concept that simplifies and streamlines command-line tasks. Represented by the '|' symbol, a pipe connects multiple commands so that the output of one serves as the input of the next, which makes it easy to build efficient and versatile data-processing pipelines.

Pipes are instrumental in enhancing the efficiency and flexibility of command-line operations. They enable users to break down complex tasks into smaller, specialized commands, each performing a specific function. These commands can then be combined using pipes to create a cohesive workflow without the need to save intermediate results as files. This not only conserves disk space but also eliminates the potential for errors introduced by manual data handling.

Through pipes, Linux users can harness the power of collaboration between commands. For instance, one command might generate a list of files, and another might filter that list to only include specific file types. This approach encourages modularity, allowing users to mix and match commands to accomplish tasks that would be cumbersome or impractical to achieve with a single command.

In addition to efficiency, pipes also promote code reusability. A sequence of commands chained together by pipes can be saved as a script or utilized in various contexts, enhancing productivity and simplifying repetitive tasks.

In conclusion, pipes are a core feature of the Linux command-line environment that lets users construct intricate data-processing workflows. By connecting commands and enabling the exchange of data between them, pipes facilitate efficiency, modularity, and code reusability, making them an essential tool for both beginners and experienced Linux users. It is the kernel-side implementation of this mechanism, a ring of page-backed pipe buffers, that the flaw described next concerns.

Flaw:

"A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system." - NIST
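The NIST description boils down to a reused structure whose 'flags' field is not reset for its new owner. The following is an added userspace model of that bug class, not kernel code and not part of the original post: a small ring of buffer slots (a hypothetical stand-in for the kernel's pipe buffer ring) is filled, released, and reused, and the second owner of a slot inherits the first owner's flag unless the hand-out path zeroes the field, which is what the kernel fix does in the two functions named above. The names slot, ring, FLAG_MERGEABLE and the flag value are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed values: four slots in the ring and one flag bit that, in the
 * model, means "later writes may be merged into this buffer". */
#define RING_SLOTS 4
#define FLAG_MERGEABLE 0x10u

/* Hypothetical stand-in for the kernel's per-buffer bookkeeping. */
struct slot {
    const char *page;      /* backing data (stand-in for the page pointer) */
    size_t len;
    unsigned int flags;
};

struct ring {
    struct slot bufs[RING_SLOTS];
    unsigned int head;     /* index of the next slot to hand out */
};

/* First owner: writes data and marks the slot mergeable. */
static void fill_slot(struct ring *r, const char *data, unsigned int flags)
{
    struct slot *s = &r->bufs[r->head % RING_SLOTS];
    s->page = data;
    s->len = strlen(data);
    s->flags = flags;
    r->head++;
}

/* Release clears the data fields but, as in the buggy kernel path, leaves
 * flags untouched: the stale value now waits for the next owner. */
static void release_slot(struct slot *s)
{
    s->page = NULL;
    s->len = 0;
}

/* Buggy hand-out: the new owner gets the slot without touching flags. */
static struct slot *take_slot_buggy(struct ring *r, const char *data)
{
    struct slot *s = &r->bufs[r->head % RING_SLOTS];
    s->page = data;
    s->len = strlen(data);
    r->head++;
    return s;
}

/* Fixed hand-out: flags are reset before the slot reaches its new owner. */
static struct slot *take_slot_fixed(struct ring *r, const char *data)
{
    struct slot *s = &r->bufs[r->head % RING_SLOTS];
    s->page = data;
    s->len = strlen(data);
    s->flags = 0;          /* the one-line initialization the bug lacked */
    r->head++;
    return s;
}

/* Fill every slot with the mergeable flag, release them all, wrap around
 * the ring, and report the flags the second owner observes. */
unsigned int stale_flags_after_reuse(int use_fix)
{
    struct ring r;
    memset(&r, 0, sizeof r);
    for (int i = 0; i < RING_SLOTS; i++)
        fill_slot(&r, "first owner", FLAG_MERGEABLE);
    for (int i = 0; i < RING_SLOTS; i++)
        release_slot(&r.bufs[i]);
    struct slot *s = use_fix ? take_slot_fixed(&r, "second owner")
                             : take_slot_buggy(&r, "second owner");
    return s->flags;
}

int main(void)
{
    printf("buggy hand-out, flags seen by second owner: 0x%x\n",
           stale_flags_after_reuse(0));   /* 0x10: stale FLAG_MERGEABLE */
    printf("fixed hand-out, flags seen by second owner: 0x%x\n",
           stale_flags_after_reuse(1));   /* 0x0 */
    return 0;
}
```

The lesson for reviewers of any buffer-recycling code is the same as the kernel's: when a slot changes owner, every field the new owner did not explicitly set must be initialized, because "cleared length" does not imply "cleared attributes".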

Mitigation (Linux):

The best way to mitigate the Dirty Pipe vulnerability is patching: move to 5.16.11, 5.15.25, 5.10.102, or a later kernel, or to the equivalent fixed kernel your distribution ships. Be sure to patch through official sources.

Mitigation (Android):

Android devices are also vulnerable to this exploit, so it is essential to update any Android OS devices. There are many kernel versions in the wild, so it's critical to check all your devices. Kernel 5.x is typically found only on the latest models, but an older device may have been upgraded to a 5.x kernel over its support life.
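Both mitigation sections come down to knowing which kernel a device runs and whether that release predates the fix. The script below is an added example, not part of the original post, that classifies an upstream kernel version string (as printed by `uname -r` on Linux, or `adb shell uname -r` on Android) against the introduction point (5.8) and the fix points (5.16.11, 5.15.25, 5.10.102) the article names. It assumes upstream version numbering: the 5.11 to 5.14 series ended before the fix and are treated as vulnerable throughout, and a distribution or vendor kernel that backports code under its own version string must be judged by the vendor advisory instead.

```sh
#!/bin/sh
# Added example (not from the original post): classify a kernel version
# string against the Dirty Pipe fix points named in the article.
# Assumption: upstream version numbering; "-rcN", "-generic" and similar
# suffixes are stripped, so a release candidate is scored as its final release.

# ver_key X.Y.Z -> one integer comparable with -lt / -ge; missing fields are 0.
ver_key() {
    v=${1%%-*}                  # drop "-76-generic", "-rc3", "-arch1-1"
    old_ifs=$IFS
    IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}         # tolerate "102+" style patch fields
    echo $(( maj * 1000000 + min * 1000 + ${pat:-0} ))
}

# dirtypipe_status VERSION -> prints not-affected | vulnerable | fixed
dirtypipe_status() {
    k=$(ver_key "$1")
    if   [ "$k" -ge "$(ver_key 5.16.11)" ]; then echo fixed        # 5.16.11+, 5.17+
    elif [ "$k" -ge "$(ver_key 5.16.0)"  ]; then echo vulnerable   # 5.16.0 - 5.16.10
    elif [ "$k" -ge "$(ver_key 5.15.25)" ]; then echo fixed        # 5.15.25+
    elif [ "$k" -ge "$(ver_key 5.15.0)"  ]; then echo vulnerable   # 5.15.0 - 5.15.24
    elif [ "$k" -ge "$(ver_key 5.11.0)"  ]; then echo vulnerable   # 5.11 - 5.14: EOL, never fixed
    elif [ "$k" -ge "$(ver_key 5.10.102)" ]; then echo fixed       # 5.10.102+
    elif [ "$k" -ge "$(ver_key 5.8.0)"   ]; then echo vulnerable   # 5.8 - 5.10.101
    else echo not-affected                                         # bug introduced in 5.8
    fi
}

# Check the running kernel, or a version string passed as the first argument
# (for example one collected from "adb shell uname -r" on an Android device).
dirtypipe_status "${1:-$(uname -r)}"
```

Treat a "fixed" verdict as a hint rather than proof: the string only tells you about upstream numbering, and a vendor kernel that carries backported pipe code (or a backported fix) under an older or custom version is scored wrongly by design, so the vendor's CVE-2022-0847 advisory remains the authoritative check.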

kevbot's thoughts:

Keep your pipes clean!

"Always be patching!" -pZ