Linux vulnerability in version 5.8 and later called "Dirty Pipe" detailed, fixed in 5.16.11, 5.15.25 and 5.10.102

Linux vulnerability in version 5.8 and later called "Dirty Pipe" detailed, fixed in 5.16.11, 5.15.25 and 5.10.102

A security researcher has detailed a security vulnerability in the Linux kernel originally discovered in April of 2021.

In a newly published report by security researcher Max Kellermann, Linux kernel vulnerability CVE-2022-0847's history was described and the steps for how to replicate it were published. For the vulnerability to be exploited, an attacker would have to have read access permissions and then fill and empty a pipe with arbitrary data.

The bug report along with a proof-of-concept exploit was sent to the Linux kernel security team on February 20th. From there, a fix was promptly developed and integrated into all active versions of the kernel on February 23rd. It was also merged into the Android kernel a day later on February 24th. On the 28th, it was disclosed on the linux-distros mailing list, and then it was published for general public notice on March 7th.

As of this post, the vulnerability is not present in any current version of the Linux and Android kernels.

Further coverage: Dirty Pipe Vulnerability Documentation ZDNet

by Ian Dorfman

MORE ABOUT: #Operating Systems#Linux kernel
Linux kernel iconLinux kernel
  315
  • ...

The Linux kernel is the core component of the Linux operating system. It's responsible for managing the system's resources and facilitating communication between hardware and software. It was first created by Linus...

Related news

All news about Linux kernel »
No comments so far, maybe you want to be first?
Gu