One of Linux’s major benefits is it being open source but this very benefit may be the reason why Linux is in trouble. There is a new exploit that is roaming about and causing trouble for Linux users
Most Linux users are worried that this exploit may cause extreme issues. Now, one must understand that Linux is open source and only the major OEMs that work with Linux are working to provide security updates against exploits but there are issues for users who are not using OEM build but rather a custom fork of Linux.
The Name of The Exploit and How does it work?
There is a new exploit called the dirty pipe exploit. The dirty pipe exploit attacks the read-only files and injects itself into root files. the major concern is that this exploit inserts itself into root processes and gains root access. Root access basically is the use of SuperUser privilege in Linux systems.
— BLASTY (@bl4sty) March 7, 2022
The formal name for the vulnerability is CVE-2022-0847.
Who is Affected?
This exploit affects all kernels from 5.8 onwards which means even Android is affected by this issue but does it mean you should start changing OSs, No! However, the suggestion still remains that you stay aware and ensure that your current build is updated.
This Vulnerability is Not New
One must know that this exploit is not exactly new and is based on the 2016 dirty cow vulnerability. This used the copy on write mechanism of Linux to convert read-only files to write and when combined with other exploits gained root access.
Compared to Dirty COW, the Dirty Pipe is much easier to exploit and yet has more serious results than the dirty COW.
Components of The Dirty Pipe
The pipe in the name of Dirty Pipe refers to the Linux pipe tool which is used for unidirectional inter-process communication. This tool on first use allocates 4Kb of memory. One can use the append function to add more data to the new page file created in the memory. This Pipe function is used for exploiting by Dirty Pipe exploit.
How Serious is it for Android?
Newer flagship devices like the Pixel 6 and S22 Ultra are a few of the devices that can be exploited among many others. Such devices being affected is a serious issue as these devices are very high tickets and loss of access or files with this device may prove to be a very frustrating thing.
— Gab̴̯̚i̶̳̇ C̵̯͖̈͗͒͐i̷͖̘̭͑̈͊r̷͙̞̽͛̿ľ̸̢i̴̧̱͓̅ĝ̵͇͍͕̙ (@hookgab) March 7, 2022
The issue affects Linux kernel version 5.8 above. The 5.8 kernels were only introduced in Android after Android 12. Therefore devices running Android 11 and below will not be affected by the issue.
However, this exploit is a cause of concern for owners of new mobile devices that were released in 2022 as most of the devices came with Android 12 in 2022.
Google’s Preventive Measures
In case you´re using a Pixel 6/Pro, your device is affected by the "Dirty Pipe" exploit discovered by Max Kellermann.
An excellent write up can be found at:https://t.co/92r7hhmXzD
Just released an update to my custom Pixel 6/Pro kernel, which includes the fix for this exploit.
— Mile (@mile_freak07) March 8, 2022
According to Kellerman, he found a patch for the vulnerability and Google included the bug fix made by him in the updates last month. However, most non-pixel users will have to wait some time for the security patch to arrive as OEMs will take time to include this patch in the update.
This incident again reminds us that Linux is a double-edged sword that comes with a lot of benefits but also a lot of security risks. Therefore one must always know what they are getting into.
If you like such informative news, do make sure you keep visiting us!