The vulnerability has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102, and patches will be released soon.
Researcher Max Kellermann has shared details of a new Linux kernel vulnerability that lets attackers overwrite data in arbitrary read-only files. The vulnerability is similar to the Dirty Cow vulnerability discovered back in 2016, but the difference is that it is easier to exploit.
Details of the Flaw
Kellermann stated that he discovered the bug last year and regarded it as a critical vulnerability that allows root-level access to Linux-based systems. It is dubbed Dirty Pipe because it impacts the Linux pipeline, which initiates inter-process communications.
Reportedly, the flaw allows privilege escalation through which remote attackers can perform a wide range of malicious activities on the compromised system. Officially tracked as CVE-2022-0847, Dirty Pipe affects Linux Kernel 5.8 and later versions and impacts Linux on Android devices.
More Linux Security News Beware- FontOnLake Rootkit Malware Attacking Linux SystemsChinese hackers using RedXOR backdoor against Linux systemsHolesWarm crypto malware hits unpatched Linux, Windows serversMulti-platform SysJoker backdoor hits Windows, macOS & Linux DevicesNew Linux kernel memory corruption bug causes full system compromise How to Exploit Dirty Pipe?
In a blog post, Kellermann explained how this