Max Kellermann, a developer from IONOS software, has identified a vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. The vulnerability is tracked as CVE-2022-0847 and has a CVSS score of 7.8. Attackers can abuse this overwrite flaw to escalate privileges by injecting code from unprivileged processes into privileged processes. All Linux users should address this vulnerability quickly. This post explains how to fix the Dirty Pipe vulnerability in the Linux kernel.
Pipeline In Unix/Linux:
In Linux, a pipeline is an inter-process communication mechanism that takes the output of the first process and passes it to the second process as its input.
Summary Of CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:
The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which makes it possible to overwrite any file contents in the page cache even if the file is not permitted to be written, is immutable, or is on a read-only mount, including CD-ROM mounts. That is because the page cache is always writable by the kernel, and writing to a pipe never checks any permissions. This enables attackers to perform privilege escalation by overwriting data in arbitrary read-only files and injecting code from unprivileged processes into privileged processes.
| Associated CVE ID | CVE-2022-0847 |
| Description | A vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. |
| Associated ZDI ID | – |
| CVSS Score | 7.8 High |
| Attack Vector (AV) | Local |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
Kernel Version Affected By CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:
The vulnerability exists in kernel versions starting from v5.8 all the way up to 5.15. We recommend that all Linux admins and users check which kernel version their machine is currently running. The command for this check is shown in the first step of the fix below.
How to Fix CVE-2022-0847 on Ubuntu?
Note: Before you download and install the new kernel on your production server, we recommend testing it on a test machine. Don’t forget to take a full VM snapshot if you are upgrading the kernel on a virtual image, or take a filesystem backup if you have a physical server.
- Check the kernel version
Before you start the upgrade, check which kernel version your server is running. If the kernel version is not in the list of affected versions, you can schedule the upgrade for later at your convenience.
Run this command to check the kernel version.
$ uname -rs
- Download kernel modules 5.17
Download the kernel packages directly from the kernel.ubuntu.com website. Download the latest version available (at the bottom of the page) to a dedicated directory, then make the files executable.
Create a directory in your path:
$ mkdir /home/arunkl/kernel-5.17
Change the directory:
$ cd /home/arunkl/kernel-5.17/
Download these two files (where X.Y.Z is the highest version):
Commands to download the kernel v5.17
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-image-unsigned-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-modules-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb
Run this command to set the files permission to execution mode:
$ chmod +x *.deb
- Install kernel module 5.17
Install the downloaded packages using the default dpkg utility, then reboot the server.
$ sudo dpkg --install *.deb
- Check the kernel version after reboot
Use the same command used in the first step. You will see an upgraded kernel version if everything goes well.
$ uname -rs
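The version check in the first and last steps can be scripted. The following is an added example, not part of the original post: it parses `uname -rs` output and compares it with the affected range stated above (v5.8 up to 5.15). The function names and the sample release strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel release against the range this post
# gives for CVE-2022-0847 (v5.8 up to 5.15). Function names are hypothetical.

# Print "MAJOR MINOR" for input such as "Linux 5.13.0-30-generic"
# (uname -rs) or "5.13.0-30-generic" (uname -r); return 1 if unparsable.
kernel_major_minor() {
    rel=${1##* }                    # drop a leading "Linux " if present
    case $rel in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${rel%%.*}                # text before the first dot
    rest=${rel#*.}                  # text after the first dot
    minor=${rest%%[!0-9]*}          # leading digits of the remainder
    case $major in *[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    echo "$major $minor"
}

# Echo "in-range", "out-of-range" or "unknown". Always returns 0 so the
# function is safe to call from scripts running under `set -e`.
dirty_pipe_status() {
    mm=$(kernel_major_minor "$1") || { echo unknown; return 0; }
    major=${mm% *}
    minor=${mm#* }
    if [ "$major" -eq 5 ] && [ "$minor" -ge 8 ] && [ "$minor" -le 15 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Constructed sample release strings (not captured from real hosts),
# followed by the kernel this script is running on.
for sample in "Linux 5.4.0-100-generic" "Linux 5.13.0-30-generic" \
              "Linux 5.17.0-051700rc7-generic"; do
    printf '%s -> %s\n' "$sample" "$(dirty_pipe_status "$sample")"
done
printf 'this host: %s -> %s\n' "$(uname -rs)" "$(dirty_pipe_status "$(uname -rs)")"
```

An in-range result is a prompt to check the distribution's advisory for that kernel package, since distribution kernels can carry backported fixes without changing the major.minor version.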
We hope this post would help you in knowing How to Fix The Dirty Pipe Vulnerability in Linux Kernel- CVE-2022-0847.