As I reported last week, Dirty Pipe is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw named Dirty Cow came to light. But for devices that do package affected Linux kernel versions, Dirty Pipe offers hackers, both benign and malicious, a platform for bypassing normal security controls and gaining full root control.

Android uses security mechanisms such as SELinux and sandboxing, which often make exploits hard, if not impossible. Despite the challenge, the successful Android root shows that Dirty Pipe is a viable attack vector against vulnerable devices.

"It's exciting because most Linux kernel vulnerabilities are not going to be useful to exploit Android," Valentina Palmiotti, lead security researcher at security firm Grapl, said in an interview. The exploit "is notable because there have only been a few public Android LPEs in recent years (compare that to iOS where there have been so many). Though, because it only works on 5.8 kernels and up, it's limited to the two devices we saw in the demo."

Dirty Pipe -> kernel r/w+selinux disabled+root shell on Pixel 6 Pro and Samsung S22 latest update :)
- Fire30, March 14, 2022

The root achieved is tethered, meaning it can't survive a reboot. That means hobbyists who want to root their devices so they have capabilities not normally available would have to perform the procedure each time the phone turns on, a requirement that is unattractive to many rooting aficionados. Researchers, however, may find the technique more valuable, because it allows them to perform diagnostics that otherwise wouldn't be possible. But perhaps the group most interested will be people trying to install malicious wares. From there, a malicious app could surreptitiously steal authentication credentials, photos, files, messages, and other sensitive data.

Last week, security researcher Max Kellermann discovered a high-severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. The vulnerability resides in the kernel's pipe mechanism, which is used for unidirectional communication between processes, so the researcher called it "Dirty Pipe". It affects Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege escalation. Although the flaw is fixed in the latest Linux kernel versions, and, according to our data, there is no mass exploitation of this vulnerability at the moment, a detailed description and a working PoC are available online, which increases the risk of this vulnerability being exploited by attackers.

Kaspersky products protect against attacks leveraging the Dirty Pipe vulnerability. The detection verdicts are:

An unprivileged local user could use the Dirty Pipe flaw to write to pages in the page cache backed by read-only files and, as such, escalate their privileges on the system. This vulnerability happens due to the use of partially uninitialized memory of the pipe buffer structure during its construction. A lack of zero initialization of the new structure's member results in a stale value of flags, which can be abused by an attacker to gain write access to pages in the cache even if they were originally marked with a read-only attribute. There are plenty of ways for attackers to gain root privileges using this vulnerability, such as unauthorized creation of new cron jobs, SUID binary hijacking, /etc/passwd modification, and so on. A working version of the Dirty Pipe exploit is already available on various security-related sites and repositories, so it can be used by attackers in the wild (ITW).

To ensure that your corporate infrastructure is protected against this and similar threats:
- Apply all relevant security updates once they are available.
- Use a security solution that provides patch management and endpoint protection, such as Kaspersky Endpoint Security for Linux.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
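As an added illustration (not code from either article above), here is a small Python check of whether a kernel release string falls inside the affected range the advisory gives: 5.8 up to, but not including, 5.10.102, 5.15.25 and 5.16.11. It assumes a stock upstream version number; distributions and Android vendors routinely backport fixes without changing that number, so a positive result means "consult the vendor advisory", not "exploitable".

```python
import platform
import re

# First upstream version carrying the bug and, per the advisory above, the first
# fixed release on each maintained stable branch (Dirty Pipe, CVE-2022-0847).
FIRST_VULNERABLE = (5, 8, 0)
FIXED_ON_BRANCH = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}

def parse_kernel_release(release):
    """Reduce a `uname -r` string such as '5.15.24-1-amd64' to (major, minor, patch)."""
    match = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not match:
        raise ValueError("unrecognised kernel release string: %r" % release)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))

def version_in_affected_range(release):
    """True if the *upstream* version number lies in the Dirty Pipe range.

    Caveat: distribution kernels (Ubuntu, RHEL, Android vendor trees) backport
    fixes without bumping this number, so True means 'check the vendor advisory'.
    """
    version = parse_kernel_release(release)
    if version < FIRST_VULNERABLE:
        return False              # the bug was introduced in 5.8
    branch = version[:2]
    if branch in FIXED_ON_BRANCH:
        return version < FIXED_ON_BRANCH[branch]
    if branch > (5, 16):
        # Not stated in the advisory: mainline carried the fix before 5.17 shipped.
        return False
    # 5.8, 5.9 and 5.11-5.14 were end-of-life upstream and never received the fix.
    return True

def current_kernel_in_affected_range():
    """Apply the check to the kernel this script is running on."""
    return version_in_affected_range(platform.release())

if __name__ == "__main__":
    release = platform.release()
    verdict = ("in affected range, verify patch status"
               if current_kernel_in_affected_range() else "outside affected range")
    print("%s: %s" % (release, verdict))
```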