Article: Linux has been bitten by its most high-severity vulnerability in years, meet “Dirty Pipe”

h0w1tzr’s Commentary: This bug is probably going to be even bigger than Dirty Cow was. This bug affects Linux kernels that are >= 5.8 should be patched immediately.

The name “Dirty Pipe”: is meant to both signal similarities to Dirty Cow and provide clues about the new vulnerability’s origins. “Pipe” refers to a pipeline, a Linux mechanism for one OS process to send data to another process. In essence, a pipeline is two or more processes that are chained together so that the output text of one process (stdout) is passed directly as input (stdin) to the next one.

Tracked as CVE-2022-0847, the vulnerability came to light when a researcher for website builder CM4all was troubleshooting a series of corrupted files that kept appearing on a customer’s Linux machine. After months of analysis, the researcher finally found that the customer’s corrupted files were the result of a bug in the Linux kernel.

Links

Leave a Reply