Dirty Pipe vulnerability in Linux

Cyber Security visualisation

A critical security vulnerability in the Linux kernel has been detected, which allows a user to get write access to a file, it shouldn’t have write access to, by using pipes for data streams and the Linux filesystem page cache. The vulnerability is hence called “Dirty Pipe“, otherwise given the ID CVE-2022-0847.

The vulnerability affects Linux from version 5.8 on, hence Linux versions 5.4, 4.x and 3.x are not affected. You can obtain the Linux version of your system with the following command:

uname -a

The output looks like this, indicating the fixed version 5.10.103:

Linux hostname 5.10.103-v7+ #1530 SMP Tue Mar 8 13:02:44 GMT 2022 armv7l GNU/Linux

or this, indicating the vulnerable version 5.10.92:

Linux hostname 5.10.0-0.bpo.11-amd64 #1 SMP Debian 5.10.92-1~bpo10+1 (2022-02-03) x86_64 GNU/Linux
  • For the 5.10 Linux family, 5.10.102 has Dirty Pipe fixed.
  • For the 5.15 family, it’s 5.15.25.
  • For those which are on edge, 5.16.11 has it fixed as well.

How to mitigate Dirty Pipe?

Debian, Armbian and the Raspberry Pi Foundation have released kernel packages with the security vulnerability fixed. To apply the kernel upgrade, please run the following commands:

apt update
apt upgrade

In case you do not see any kernel upgrade listed or applied, you may need to do a full package upgrade, especially required on x86_64 system, which use the versioned Debian kernel packages:

apt full-upgrade

Afterwards a reboot is required to load the new kernel. On x86_64 systems the old kernel is still installed, which you can remove after the reboot:

apt autopurge

Verify via uname -a the now patched running Linux version, and that your system is hence safe against “Dirty Pipe”.

More details and the story about the vulnerability’s detection can be read here:

Dirty Pipe vulnerability in Linux

Leave a Reply

Your email address will not be published.

Scroll to top