New Linux bug gives root on all major distros, exploit released

[MJCM]

https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/

 

 

 

Quote

 

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.

Kellerman states that the vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016.

 

The vulnerability was responsibly disclosed to various Linux maintainers starting on February 20th, 2022, including the Linux kernel security team and the Android Security Team.

While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to run outdated kernels making the release of this exploit a significant issue to server administrators.

 

 

Edited March 9, 2022 by MJCM

[MJCM]

More info:

 

https://dirtypipe.cm4all.com/

[MJCM]

I received the update this morning on my Raspberry PI 4

 

Previous Kernel

root@raspberrypi:/home/pi# uname -a
Linux raspberrypi 5.10.92-v7l+ #1514 SMP Mon Jan 17 17:38:03 GMT 2022 armv7l GNU/Linux

 

New one

 

root@raspberrypi:/home/pi# uname -a
Linux raspberrypi 5.10.103-v7l+ #1530 SMP Tue Mar 8 13:05:01 GMT 2022 armv7l GNU/Linux 

 

 

Edited March 10, 2022 by MJCM