Cybersecurity Network Management IT and Network Support

Cybersecurity Threat Advisory: ‘Dirty Pipe’ Linux Vulnerability Provides Easy Privilege Escalation

Mike Beagles
Mike Beagles March 16, 2022 2 min read

Advisory Overview

Security researchers discovered and released information to the public regarding new vulnerabilities and kernel-level exploits. The vulnerabilities — CVE-2022-049 and CVE-2022-0847 — are two of the highest-severity exploits and affect out-of-date Linux distributions, aka “distros.”

Linus users typically obtain their operating system by downloading a distro, which is a software collection that contains the Linux kernel and a package management system.

Due to similarities with the execution of the 2016 “Dirty Cow” exploit, CVE-2022-0847 has been dubbed the “Dirty Pipe” exploit. Using the vulnerability, an attacker can have complete root access to a device. MCP recommends updating all vulnerable Linus distros immediately.

What Is the Threat?

CVE-2022-0847 was discovered by security researcher Max Kellerman. In a proof-of-concept demonstration, Kellermann identified a kernel-level vulnerability within multiple Linux distros. Essentially, these distros contain a bug within the “pipeline” of multiple processes that send data to each other. The vulnerability enables unprivileged users to inject code into read-only files and modify configurations, which allows them to easily obtain root access among many other attacks.

Why Is It Noteworthy?

The exploit makes it easy for any user to gain unfettered access to a system with a root-level shell. Although the issue has been patched in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to operate using outdated kernels, making the release of this exploit one of the highest-severity releases in recent Linux history. It also is notable that the previous exploit from which this vulnerability takes its name, “Dirty Cow,” was used extensively by malware, and this vulnerability is even easier for cyberattackers to leverage.

What Is the Risk?

Kellermann released the “Dirty Pipe” vulnerability and stated that it “affects Linux Kernel 5.8 and later versions, even on Android devices.” This leaves a large attack vector for those running Linux servers with outdated kernels. If an attacker were to exploit this vulnerability they could move laterally to other devices in the environment, add/remove/modify files at will, and much more.

What Are the Recommendations?

MCP recommends patching and updating all Linux kernels to versions 5.16.11, 5.15.25, and 5.10.102 or higher. We also recommend acting immediately because cyberattackers almost assuredly will be using this exploit for attacks due to its ease of use and wide availability.

References

For more in-depth information about the recommendations, please visit the following link:

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

Don't forget to share this post!

Mike Beagles
Mike Beagles
Mike has specialized experience with supporting public safety agencies by providing technical expertise, strategic planning and general consulting for new and innovative mission critical technologies as well as legacy solutions. Throughout his long-standing career, he has worked as a technical service manager and network engineer for several public safety software companies, as well as an IT manager with a mid-tier public safety 911/ CAD/RMS/Mobile software provider. His expertise runs deep in team and project management for large and small projects, which he has done for more than 12 years.

Related posts

Cybersecurity

Cybersecurity Threat Advisory: 'PrintNightmare' Zero-Day Vulnerability in Windows Print Spooler

July 13, 2021
Mike Beagles
Operations Staffing Cybersecurity IT and Network Support Emergency Response Ecosystem Law Enforcement Criminal Justice

Security Training: A Key Element of a Strong Cyberrisk Prevention Program

February 3, 2020
Mike Beagles
Cybersecurity Network Management IT and Network Support

Cybersecurity Threat Advisory: Microsoft Patch Tuesday – May 2021

May 18, 2021
Mike Beagles