The Dirty Pipe Vulnerability

[Condobloke]

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

dirtypipe.cm4all.com

New Linux kernel bug lets you get root on most modern distros

Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices.

www.bleepingcomputer.com

 

[KGIII]

Note: That's from 2021, presumably long-since patched.

 

[Condobloke]

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

Today,7th March 2022, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

dirtypipe.cm4all.com

Timeline​

• 2021-04-29: first support ticket about file corruption
• 2022-02-19: file corruption problem identified as Linux kernel bug, which turned out to be an exploitable vulnerability
• 2022-02-20: bug report, exploit and patch sent to the Linux kernel security team
• 2022-02-21: bug reproduced on Google Pixel 6; bug report sent to the Android Security Team
• 2022-02-21: patch sent to LKML (without vulnerability details) as suggested by Linus Torvalds, Willy Tarreau and Al Viro
• 2022-02-23: Linux stable releases with my bug fix (5.16.11, 5.15.25, 5.10.102)
• 2022-02-24: Google merges my bug fix into the Android kernel
• 2022-02-28: notified the linux-distros mailing list
• 2022-03-07: public disclosure

 

[KGIII]

LOL We overlapped. I mention the timeline in the other thread. Yeah, the timeline confuses me. If you follow the security releases, they're often fixed in a matter of days - depending on severity. This one was almost a full year.

But, I think I am making sense of it now... They didn't realize it was exploitable at first. I'm gonna see if I can find the first bug report.

 

[KGIII]

Yeah, that's what it appears to be. The bug came in and it wasn't until almost a year later that they realized it could be exploited.

Which makes me wonder...

Did *anyone else* realize it was exploitable before that?

 

[CrazedNerd]

Haven't read it yet, but what's vulnerable is interesting to me, thank you.

 

[Condobloke]

Debian Security Update - DSA-5092 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. Continue reading...

www.linux.org