Apparently, the vulnerability in the Linux kernel has been around since version 5.8, which was released in August 2020. It’s tracked as CVE-2022-0847. It allows overwriting data in arbitrary read-only files, which means attackers can escalate privileges, giving them access they shouldn’t have. Once privileges are escalated, they can do all sorts of things on a system.
Creating an SSH key is just one of many actions an attacker can take when exploiting the vulnerability. Another is hijacking a SUID binary to create a root shell, and yet another lets untrusted users overwrite data in read-only files. These are severe attacks that could do all sorts of damage to a system.
“It’s about as severe as it gets for a local kernel vulnerability,” Brad Spengler, president of Open Source Security, wrote in an email to Ars Technica. “Just like Dirty Cow, there’s essentially no way to mitigate it, and it involves core Linux kernel functionality.”
It’s not just Linux computers that are vulnerable. Because Android runs the Linux kernel, any device running kernel version 5.8 or later is also susceptible, opening up a slew of people to potential risk. For example, the Pixel 6 and the Samsung Galaxy S22 run version 5.10.43 of the Linux kernel, making these new and popular devices vulnerable.
As far as the fix goes, the major Linux distros are working hard to get it out. Ubuntu posted on Twitter, saying, “The @ubuntu kernel team is busy cranking out and testing updated kernels to patch ‘Dirty Pipe’ – expect updates to be available tomorrow with any luck.” We expect other Linux distros to be working on fixes, as well.
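For admins waiting on those updates, here is an added example (not from the article or any vendor) that sorts the `uname -r` strings from a host inventory by whether they fall in the affected range described above (5.8 and later). The fixed upstream releases 5.10.102, 5.15.25 and 5.16.11 and the 5.17 cut-off are not stated on this page and are taken as assumptions from the upstream disclosure; the hostnames and release strings are constructed.

```python
import re

FIRST_AFFECTED = (5, 8)  # per the article: present since 5.8
# Assumption (upstream disclosure, not this page): first fixed patch level
# in each maintained stable branch, and 5.17+ shipping with the fix.
FIXED_IN_BRANCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_CLEAN_BRANCH = (5, 17)

def parse_release(release):
    """Turn '5.10.43-android12-9-g1234' into (5, 10, 43)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def classify(release):
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch >= FIRST_CLEAN_BRANCH:
        return "fixed-upstream"
    fixed_patch = FIXED_IN_BRANCH.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return "fixed-upstream"
    # Distro kernels often backport fixes without changing this number,
    # so this bucket means "confirm against the vendor advisory".
    return "in-affected-range"

def triage(inventory):
    """Group hostnames by classification of their kernel release."""
    buckets = {}
    for host, release in inventory.items():
        buckets.setdefault(classify(release), []).append(host)
    return {status: sorted(hosts) for status, hosts in buckets.items()}

# Constructed sample inventory (hostname -> output of `uname -r`).
SAMPLE_INVENTORY = {
    "web01": "5.4.0-100-generic",
    "build02": "5.13.0-30-generic",
    "phone-a": "5.10.43-android12-9-00001-gabcdef",
    "db03": "5.10.102",
    "lab04": "5.16.11-arch1-1",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the `in-affected-range` bucket may already be patched by a distribution backport, so the package changelog or vendor advisory is the deciding check for them.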