Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847
March 8, 2022
|
4m

How To Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847


How To Fix The Dirty Pipe Vulnerability In Linux Kernel Cve 2022 0847

Max Kellermann, a developer from IONOS software, has identified a vulnerability in the Linux Kernel that allows overwriting data in arbitrary read-only files. The vulnerability has been tracked under the CVE ID CVE-2022-0847, with a CVSS score of 7.8 that enables attackers to perform privilege escalation by overwriting data in arbitrary read-only files. Attackers can abuse this overwrite flaw to escalate privileges and inject code from unprivileged processes to privileged processes. It is highly important for all Linux users to quickly address this vulnerability. Please read this post that helps you know how to fix the dirty pipe vulnerability in the Linux kernel.

Pipeline In Unix/Linux:

In Linux, Pipeline is an inter-process communication mechanism that takes the output of the first process and passes that to the second process as its input.

Summary Of CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:

The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which overwrites any file contents in the page cache even if the file is not permitted to be written, immutable, or on a read-only mount, including CD-ROM mounts. That is because the page cache is always writable by the kernel, and writing to a pipe never checks any permissions. This enables attackers to perform privilege escalation by overwriting data in arbitrary read-only files and injecting code from unprivileged processes to privileged processes. Read comprehensive technical details from here.

Associated CVE IDCVE-2022-0847
DescriptionA vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. 
Associated ZDI ID
CVSS Score7.8 High
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Local
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Kernel Version Affected By CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:

The vulnerability exists in kernel versions starting from v5.8 all the way up to 5.15. We recommend all Linux admins and users check the version of the kernel your machine is currently running on. You can use this simple command to check the version of the kernel.

How to Fix CVE-2022-0847 on Ubuntu?

Note: Before you download and install it on your production server, we recommend testing this on a test machine. Don’t forget to take the full VM snapshot if are upgrading the kernel on a Virtual Image. Or, take a filesystem backup if you have a physical server.

Step 1. Check the kernel version

Before you start upgradation, check the version of the kernel your server has. What if the kernel version is not in the list of affected versions, If so, you can schedule this later as per your time.
Run this command to check the kernel version.

$ uname -rs

Step 2. Download kernel modules 5.17

Download the kernel packages directly from the kernel.ubuntu.com website. Download the latest version available (At the bottom) from the website to a dedicated directory. Change the permission of the files to execute.
Create a directory in your path:

$ mkdir /home/arunkl/kernel-5.17

Change the directory:

$ cd /home/arunkl/kernel-5.17/

Download these two files (where X.Y.Z is the highest version):

1. linux-image-*X.Y.Z*-generic-*.deb
2. linux-modules-X.Y.Z*-generic-*.deb

Commands to download the kernel v5.17

$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-image-unsigned-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb

$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-modules-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb

Run this command to set the files permission to execution mode:

$ chmod +x *.deb

Step 3. Install kernel module 5.17

Install the downloaded packages using the default dpkg utility then reboot the server.

$ sudo dpkg –install *.deb
$ reboot

Step 4. Check the kernel version after reboot

Use the same command used in the first step. You will see an upgraded kernel version if everything goes well.

$ uname -rs

We hope this post helps you in knowing How to Fix The Dirty Pipe Vulnerability in Linux Kernel- CVE-2022-0847. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Cloud & OS Platforms

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe