Researchers from CM4all discovered that the Linux kernel was hit by Dirty Pipe, a vulnerability that allows hackers to inject malicious code into root processes.

According to CM4all researchers, the vulnerability allows hackers to overwrite data with malicious code in read-only files. Injecting code into root processes could lead to privilege escalation.

The security experts discovered the vulnerability in the handling process of support tickets. Although the problem was initially solved by hand, it kept recurring. Therefore, the researchers decided to investigate the matter further.

The research uncovered that the ‘Dirty Pipe’ vulnerability occurred not only when privileged processes overwrote data in read-only files, but also in random positions and random data. Ultimately, it allowed willing cybercriminals to penetrate systems and acquire data.

Linux kernel 5.8

The vulnerability (CVE-2022-0847) applies to Linux kernel version 5.8 and upwards, as well as Android-based devices. Patches were released for Linux versions 5.16.11, 5.15.25, 5.10.102 and the Android kernel.