Linux Vulnerability (Dirty Pipe) CVE-2022-0847

A serious vulnerability has been found in Linux that can be exploited by untrusted users to execute code capable of performing a variety of malicious actions, such as installing backdoors, creating unauthorized accounts, and modifying scripts or binaries utilized by privileged services and applications.

Known as Dirty Pipe, the vulnerability is one of the most dangerous to Linux that has been made public since 2016, the year another high-severity and easily exploitable Linux flaw (Dirty Cow) was discovered.

Dirty Pipe is intended to both signal similarities to Dirty Cow as well as give clues regarding the origin of the new vulnerability. The term ‘pipeline’ refers to a Linux mechanism that allows one OS process to send data to another process. Pipelines consist of two or more processes that are linked in such a way that the output text of one process (stdout) is used directly as input by the next process (stdin).

The vulnerability has been tracked as CVE-2022-0847 and affects Linux Kernel 5.8 and later versions.

The vulnerability has since been weaponized so that anyone with an account on the server can add an SSH key to the root user’s account. This includes the least privileged ‘nobody’ accounts. Consequently, an existing untrusted user could remotely access the server via SSH with full root privileges.

Different Linux distributions have been informed about this vulnerability and are testing their packages for the vulnerability and correcting it:

• SUSE
• Red Hat
• Debian

In order to combat this high-risk security threat, QuickHostUK has successfully developed and deployed a patch. At this time, QuickHostUK does not have any servers affected by this vulnerability. Our managed clients are completely protected and will not need to make any changes.

Customers of QuickHostUK who are running unmanaged servers are advised to check and update any affected packages as soon as they become available.

See the exploit in action and test your own servers: