This major Linux security vulnerability has been fixed, so patch now
Linux distros as well as Android are affected
If you’re running a Linux distro on your computer or use an Android smartphone, you should install the latest updates immediately as a severe security vulnerability has been found and patched in the Linux kernel.
The vulnerability, tracked as CVE-2022-0847 and dubbed “Dirty Pipe”, was discovered by a software developer named Max Kellermann at the web hosting company IONOS earlier this year.
According to a detailed blog post published by Kellermann, he first became aware of the vulnerability, present in the Linux kernel since 5.8, after receiving customer complaints about corrupted files. After the same problem occurred multiple times after the first report, Kellermann was able to recognize a pattern and discover that the cause of the error was in the Linux kernel itself.
Following his discovery, Kellermann informed the Linux kernel team the same day and it quickly provided a patch for the issue. A security update has now been rolled out to all affected Linux versions and Google has also updated the Android operating system, which is based on a modified version of the Linux kernel and other open source software.
Dirty Pipe vulnerability
If left unpatched on vulnerable systems, Dirty Pipe can be exploited by an attacker to gain complete control over affected computers and smartphones. With this access, they would be able to read users' private messages, compromise banking apps and more.
Generally speaking, Linux allows precise permissions for reading, writing or executing files to be defined for each file. However, an error in the way memory is managed for communication between different processes (by means of so-called pipes) made it possible for an attacker to bypass these protection mechanisms.
The Dirty Pipe vulnerability affects all Linux systems from kernel version 5.8 on as well as Android devices running untrusted apps. While untrusted apps are usually isolated from the operating system as much as possible, the flaw could still be reproduced according to a recent email from IONOS.
Although the problem was quickly fixed by making a small adjustment to the source code of the Linux kernel, IONOS waited until patches for Dirty Pipe were widely rolled out before publishing additional details on the vulnerability.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.