By: Cybrary Staff
April 19, 2022
What you should know about Dirty Pipe
On March 7, 2022, a security researcher named Max Kellermann publicly disclosed “Dirty Pipe,” a high-risk vulnerability in the Linux kernel that allows unprivileged users to overwrite data in files they are only permitted to read. “Dirty Pipe” weaponizes the pipe communication mechanism in Linux, allowing adversaries to gain write access and escalate privileges. Put simply, “Dirty Pipe” can give a threat actor full control over compromised devices.
What is “Dirty Pipe”?
“Dirty Pipe,” tracked as CVE-2022-0847, is a newly discovered Linux kernel vulnerability that can give root-level access, allowing threat actors to gain control over target systems and perform malicious actions.
Following other privilege escalation vulnerabilities like the Polkit flaw and local kernel flaws like “Dirty Cow,” this newly disclosed “Dirty Pipe” attack is dangerous and easier for adversaries to exploit. The bug lies in the pipe mechanism that OS processes use to communicate and transfer data.
Researchers have found that users can leverage an SSH key to quickly escalate privileges and gain root access within minutes. With these privileges, threat actors can do a lot of damage: executing ransomware attacks, collecting and exfiltrating sensitive data, and destroying assets.
What devices are at risk of being affected by “Dirty Pipe”?
“Dirty Pipe” only affects Linux-powered devices, including Google Home products, Android phones, and other output devices like displays and speakers. Devices running Linux kernel versions 5.8 and later are at risk. Most Android devices “live” on earlier kernel versions, meaning they are not impacted by the “Dirty Pipe” exploit. But devices built on kernels later than 5.8, which was released in 2020, including those running Android 12, are at risk. If you own an Android 11 or an earlier model, you are in the clear.
As of this moment, the known list of phones that are at risk is:
- Google Pixel 6
- Google Pixel 6 Pro
- Samsung Galaxy S22 Series
To determine if your Android device is at risk, open the “Settings” app, find the Android/Software version, and then check the kernel version. If your version is higher than 5.8, you are at risk and should regularly check for security updates.
What is being done to mitigate “Dirty Pipe”?
Google has disclosed its full awareness of the threat presented by “Dirty Pipe” and has shared the necessary information with its partners to patch the issue.
The Linux kernel security team has already released a patch mitigating the threat on kernel versions 5.10.102, 5.15.25, and 5.16.11 (if you haven’t updated your device, please do so immediately). It’s reasonable to assume updates will be arriving in the coming months that will likely include fixes for a range of affected models.
However, scheduled patch releases will likely vary depending on the manufacturer of your device, as each has unique update policies. For instance, some manufacturers will release updates every two months, while others do so quarterly.
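The kernel-version check and the patched releases described above can be combined into one audit script that also covers Linux servers and desktops, not only phones. This is an added example, not code from the article or the kernel project; the function names and result labels are illustrative, and the rule that mainline 5.17 and newer carry the fix is an assumption not stated in the article.

```python
import platform
import re

# Fixed stable releases named in the article, keyed by (major, minor) branch.
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_AFFECTED = (5, 8)  # per the article: 5.8 and later are at risk
# Assumption (not from the article): mainline 5.17 and newer shipped with the fix.
FIRST_FIXED_MAINLINE = (5, 17)


def parse_release(release):
    """Turn '5.10.43-android12-9-g1a2b3c' into (5, 10, 43); patch defaults to 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return 'not-affected', 'patched', 'vulnerable' or 'affected-no-listed-fix'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch >= FIRST_FIXED_MAINLINE:
        return "patched"
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    # 5.8, 5.9, 5.11-5.14: inside the affected range, but the article lists
    # no fixed release for these branches.
    return "affected-no-listed-fix"


if __name__ == "__main__":
    # Constructed sample strings in the style of `uname -r` output.
    samples = ["4.19.191", "5.10.43-android12-9-00001-gabcdef",
               "5.15.25-generic", "5.13.0-30-generic", "6.1.0"]
    for rel in samples + [platform.release()]:
        try:
            print(f"{rel:40} {classify(rel)}")
        except ValueError as exc:  # e.g. run on a non-Linux host
            print(f"{rel:40} {exc}")
```

Vendor and distribution kernels often backport fixes without changing the upstream version number, so a "vulnerable" result here is a prompt to check the vendor's advisory, not proof that the device is exploitable.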
How can you keep your device safe?
“Dirty Pipe” is a dangerous attack with widespread implications, but you can take reasonable precautions to protect yourself. As an important first step, you should only install and run apps that you know you can trust. Furthermore, until a security patch has been released, you should be wary of installing any new apps. As easily exploitable vulnerabilities like Dirty Pipe continue to critically impact systems, a limited or zero-trust policy toward app installation can be valuable. These precautions are simple but effective at helping you secure your systems and devices until a more effective and permanent solution has been implemented to mitigate the “Dirty Pipe” exploit.
Thousands of common vulnerabilities and exposures (CVEs) like “Dirty Pipe” are discovered daily. If you want hands-on practice exploiting and mitigating these CVEs, explore Cybrary’s CVE Series. These courses let you experience critical vulnerabilities through interactive courses and secure virtual environments to develop the skills necessary to mitigate risk. Learn how Cybrary can help you and your security team respond to Dirty Pipe and other critical vulnerabilities and exploits.