News

Linux bug Dirty Pipe a 'serious vulnerability,' could affect Steam Decks

The kernel bug Dirty Pipe was reported to be present in nearly all versions of Linux since 5.8.

March 8, 2022 3:00 PM

A Linux kernel bug cataloged as CVE-2022-0847 – which is being referred to as Dirty Pipe due to its similarity to another exploit, Dirty Cow – was recently discovered, though it has reportedly been present in all kernels since version 5.8.

The bug was reported to the Linux kernel security team by the individual who discovered it, Max Kellermann of CM4all parent company IONOS, back in February. A fix for the issue was provided by Kellermann three days after the bug was reported, and can be found here.

Adding to the severity of the Dirty Pipe exploit, it’s not only present in Linux kernels from version 5.8 onward, but Android as well. Google merged the aforementioned fix to the Android kernel, with the vulnerability intended to be remedied in Linux 5.16.11, 5.15.25, and 5.10.102.

However, Kellermann told Ars Technica, "There are no indications Android versions based on a vulnerable release of the Linux kernel are fixed. Users should assume that any device running a version of Android based on a vulnerable version of the Linux kernel is susceptible to Dirty Pipe."

Something else that’s worth noting is that with Steam Deck’s utilization of Linux, it’s possible this kernel exploit could affect Steam Deck users. Steam Deck runs on a customized fork of Arch Linux with Ars Technica noting, “Steam OS is basically a GUI wrapper that runs on top of Arch Linux.”

While you’re free to install Windows on Steam Deck if you wish, you’re also free to install your favorite Linux distro as well. If you’ve already done the latter and have installed an affected kernel version, you’ll want to keep an eye on the Dirty Pipe situation and see if you can apply the aforementioned fix for it sooner, rather than later.

Going into how Dirty Pipe works in more detail, Brad Spengler, president of Open Source Security, explained to Ars Technica:

“Linux (like other OSes) caches in memory files used by the system for performance reasons. When you want to make a private modification to some of that cached data, the OS is supposed to fork off a copy of the data for you to make your modification in, otherwise, your modification would not be private and would instead affect anyone else reading or executing that file. Like with Dirty Cow, Dirty Pipe tricked the OS into performing an illegal modification of that cache, affecting all users on the system.

So what an exploit can do is, for instance, to change the code for a suid root binary (which they have read access to) to skip its system calls which would change its privilege back to the user (which means the binary will unknowingly continue running with full root privileges), or the exploit can modify a commonly used library to cause it to execute some additional code, with a simple example being changing the permissions on a shell the attacher copied into /tmp to make it suid root.”

As previously mentioned, this vulnerability was first discovered by researcher Max Kellermann while troubleshooting corrupted files on a customer’s Linux machine. Digging in further, Kellermann eventually figured out how to weaponize this vulnerability, with Ars Technica reporting:

Kellermann went on to detail other things of note that make the Dirty Pipe exploit interesting, as well as concerning.

Other examples of Dirty Pipe’s severity have been shared by users like @bl4sty on Twitter who explained they were able to hack up “a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary.”

Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. https://t.co/q8NtTlbgOZ pic.twitter.com/jxYUKYVCBo
— BLASTY (@bl4sty) March 7, 2022

With a flood of information on Dirty Pipe having been thrown your way, an important takeaway as pointed out by Brad Spengler is that this vulnerability is “about as severe as it gets.”

With that in mind, anyone with an affected kernel version should apply the available fix for this as soon as possible.

For more on the kernel bug Dirty Pipe, why it’s so problematic, and what you need to know if you’re running an affected kernel version of Linux, be sure to read through the full in-depth report from Ars Technica. You can also read more on how Dirty Pipe works in the post from Max Kellermann on the CM4all website.

Morgan Shaver

Senior Editor

Morgan is a writer from the frozen wastelands of Maine who enjoys metal music, kpop, horror, and indie games. They're also a Tetris fanatic who's fiercely competitive in games like Tetris 99... and all games in general. But mostly Tetris. You can follow Morgan on Twitter @Author_MShaver.

Filed Under

From The Chatty

Refresh Go To Thread

Shacknews

 reply
March 8, 2022 3:00 PM

Morgan Shaver posted a new article, Linux bug Dirty Pipe a 'serious vulnerability,' could affect Steam Decks