In mid-February, a software developer at European cloud and hosting provider IONOS discovered a severe security vulnerability (CVE-2022-0847) in the Linux kernel, affecting version 5.8 and later. The so-called “Dirty Pipe” vulnerability allows Linux users to overwrite arbitrary files without having the corresponding access rights.
The developer informed the Linux kernel team the same day and supplied a corresponding patch. The security update has been rolled out to all affected Linux versions. Google has updated the Android smartphone operating system, which was also affected.
Malicious exploitation of this vulnerability would enable attackers to gain complete control over computers or smartphones and, for example, read users’ private messages. Banking apps could also be compromised.
The IONOS developer became aware of the vulnerability through customer complaints about corrupted files. When the same problem recurred several times a few months after the first report, the IONOS expert was able to recognize a pattern in the new data and ultimately traced the cause of the error to the Linux kernel, the core of the operating system.
Generally, Linux allows precise permissions for reading, writing or executing files to be defined for each file. An error in the way memory is managed for communication between different processes (by means of so-called pipes) made it possible to bypass these protection mechanisms.
The local kernel vulnerability affects all Linux systems from kernel version 5.8 onward, as well as Android devices running untrusted apps. Although such apps are isolated from the operating system as much as possible, the flaw could still be reproduced.
The problem was fixed by a small adjustment of the Linux kernel source code. In the spirit of “responsible disclosure”, IONOS delayed publication of the vulnerability until the patch had been widely rolled out.
Developer Max Kellermann has described in detail how he found the vulnerability on the blog of IONOS subsidiary CM4all: https://dirtypipe.cm4all.com/