Linux vulnerability in version 5.8 and later called "Dirty Pipe" detailed, fixed in 5.16.11, 5.15.25 and 5.10.102
A security researcher has detailed a security vulnerability in the Linux kernel originally discovered in April of 2021.
In a newly published report by security researcher Max Kellermann, Linux kernel vulnerability CVE-2022-0847's history was described and the steps for how to replicate it were published. For the vulnerability to be exploited, an attacker would have to have read access permissions and then fill and empty a pipe with arbitrary data.
The bug report along with a proof-of-concept exploit was sent to the Linux kernel security team on February 20th. From there, a fix was promptly developed and integrated into all active versions of the kernel on February 23rd. It was also merged into the Android kernel a day later on February 24th. On the 28th, it was disclosed on the linux-distros mailing list, and then it was published for general public notice on March 7th.
As of this post, the vulnerability is not present in any current version of the Linux and Android kernels.
- Free • Open Source