A Linux kernel bug cataloged as CVE-2022-0847 – which is being referred to as Dirty Pipe due to its similarity to another exploit, Dirty Cow – was recently discovered, though it has reportedly been present in all kernels since version 5.8.
The bug was reported to the Linux kernel security team by the individual who discovered it, Max Kellermann of CM4all parent company IONOS, back in February. A fix for the issue was provided by Kellermann three days after the bug was reported, and can be found here.
Adding to its severity, Dirty Pipe is present not only in Linux kernels from version 5.8 onward but in Android as well. Google merged the aforementioned fix into the Android kernel, and the vulnerability is intended to be remedied in Linux 5.16.11, 5.15.25, and 5.10.102.
However, Kellermann told Ars Technica, "There are no indications Android versions based on a vulnerable release of the Linux kernel are fixed. Users should assume that any device running a version of Android based on a vulnerable version of the Linux kernel is susceptible to Dirty Pipe."
It’s also worth noting that because Steam Deck runs Linux, this kernel exploit could possibly affect Steam Deck users. Steam Deck runs on a customized fork of Arch Linux, with Ars Technica noting, “Steam OS is basically a GUI wrapper that runs on top of Arch Linux.”
While you’re free to install Windows on Steam Deck if you wish, you’re also free to install your favorite Linux distro. If you’ve already done the latter and have installed an affected kernel version, you’ll want to keep an eye on the Dirty Pipe situation and see if you can apply the aforementioned fix sooner rather than later.
Going into how Dirty Pipe works in more detail, Brad Spengler, president of Open Source Security, explained to Ars Technica:
As previously mentioned, this vulnerability was first discovered by researcher Max Kellermann while troubleshooting corrupted files on a customer’s Linux machine. Digging in further, Kellermann eventually figured out how to weaponize this vulnerability, with Ars Technica reporting:
Kellermann went on to detail other things of note that make the Dirty Pipe exploit interesting, as well as concerning.
Other examples of Dirty Pipe’s severity have been shared by users like @bl4sty on Twitter who explained they were able to hack up “a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary.”
With a flood of information on Dirty Pipe having been thrown your way, an important takeaway as pointed out by Brad Spengler is that this vulnerability is “about as severe as it gets.”
With that in mind, anyone with an affected kernel version should apply the available fix for this as soon as possible.
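To triage a machine against the version numbers quoted above, the following added example (not from the article, Ars Technica or Kellermann) classifies a kernel release string such as the output of `uname -r`. The function name `dirtypipe_status` and its status labels are made up for this sketch, and it assumes that series newer than 5.16 already carry the fix, which the article does not state.

```shell
#!/bin/sh
# Added example: classify a kernel release against the versions named in the article
# (bug present since 5.8; fixed in 5.16.11, 5.15.25 and 5.10.102).
# A version check is first-pass triage only: vendor kernels often backport fixes
# without changing the base version, so "in-affected-range" means "check the
# vendor advisory", not "confirmed vulnerable".
dirtypipe_status() {
    # Keep the leading major.minor[.patch], e.g. 5.15.0-91-generic -> 5.15.0
    base=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$base" ]; then echo unknown; return 0; fi
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    # Older than 5.8: outside the range the article gives.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Assumption (not in the article): series after 5.16 ship with the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo fixed; return 0
    fi
    # First fixed release per stable series, as listed in the article.
    case $minor in
        10) first_fixed=102 ;;
        15) first_fixed=25 ;;
        16) first_fixed=11 ;;
        *)  first_fixed= ;;   # 5.8, 5.9, 5.11-5.14: no fixed release listed
    esac
    if [ -n "$first_fixed" ] && [ "$patch" -ge "$first_fixed" ]; then
        echo fixed; return 0
    fi
    echo in-affected-range
}

# Constructed sample release strings, followed by the running kernel.
for r in 5.4.0 5.10.101 5.10.102 5.13.0-30-generic 5.16.11 "$(uname -r)"; do
    printf '%-24s %s\n' "$r" "$(dirtypipe_status "$r")"
done
```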
For more on the kernel bug Dirty Pipe, why it’s so problematic, and what you need to know if you’re running an affected kernel version of Linux, be sure to read through the full in-depth report from Ars Technica. You can also read more on how Dirty Pipe works in the post from Max Kellermann on the CM4all website.