Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability


Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite data in arbitrary read-only files, enabling a complete takeover of affected systems.

Dubbed “Dirty Pipe” (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw “leads to privilege escalation because unprivileged processes can inject code into root processes.”

Kellermann said the bug was discovered after digging into a support issue, raised by one of the customers of the cloud and hosting provider, that concerned a case of a “surprising kind of corruption” affecting web server access logs.
