Techloaded247Techloaded247
  • Home
  • Tech
  • Mobiles
    • My Gadgets
    • Gaming
  • Contact Us
  • Tech Jobs
    • TECH JOBS IN NIGERIA
    • TECH JOBS IN U.S.A
    • TECH JOBS IN CANADA
    • TECH JOBS IN INDIA
  • ABOUT US
Facebook Twitter Instagram
Facebook Twitter Instagram
Techloaded247Techloaded247
  • Home
  • Tech

    Dell XPS 15 i7 11th Gen Intel – Touchscreen Laptop

    How to Create Block Quote in Google Docs

    Best Cheap Cloud Hosting Server 2023

    How to Fix Stuck on Meta Quest Logo Screen? (SOLVED)

    What is Smart Energy?

  • Mobiles
    1. My Gadgets
    2. Gaming
    3. View All

    How to sell Apple HomePod

    Fan Favorite Disney Apple Watch Bands You’ll Love

    Samsung Smart Tag Wallet: Overview

    Galaxy Watch 4 42mm vs 46mm – The Right Size For You?

    Games like Uncharted For Xbox: Adventure and Treasure

    How To Fix Sprint Bug in Dead Space Remake

    Dead Space Remake Review: What’s New

    Revealing Rise of the Ronin, a new action-RPG

    iPhone 15 Pro — Everything We Know So Far

    Fitbit Sense 2 vs Fitbit Sense: Full Comparison

    Google Pixel 7 Vs. iPhone 14 Plus: Full Comparison

    Fixing Iphone That Won’t Charge: Easy Steps

  • Contact Us
  • Tech Jobs
    • TECH JOBS IN NIGERIA
    • TECH JOBS IN U.S.A
    • TECH JOBS IN CANADA
    • TECH JOBS IN INDIA
  • ABOUT US
Techloaded247Techloaded247
Home » Dirty Pipe Makes Linux Privilege Escalation Easy
Tech

Dirty Pipe Makes Linux Privilege Escalation Easy

Abdulmujeeb OwolabiBy Abdulmujeeb OwolabiUpdated:March 10, 2022No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Dirty Pipe Makes Linux Privilege Escalation Easy
Share
Facebook Twitter LinkedIn Pinterest Email

One of the best things about the Linux kernel has been that it is open-source, which means that anyone can fork, change, and distribute it in a way that fits their own needs. But when it comes to security flaws that haven’t been fixed, the fact that the software is open source can be a double-edged sword.

A lot of people are working on making the Linux ecosystem more secure, but new bugs and exploits keep popping up and going unnoticed. This is true for both Android and other Linux-based systems. The mistake this time looks to be a lot worse than the last one.

When security researcher Max Kellermann looked into the pond, he found a new fish that was bad. The bug, which is called “Dirty Pipe,” lets you overwrite data in any read-only files. Despite having been fixed in the mainline Linux kernel, the bug could still be used in a way that could give someone more power on any device that has a Linux kernel version 5.8 or better. It also means that a lot of new Android phones, like the Samsung Galaxy S22 and the Google Pixel 6, can be hacked until they get the right kernel patch from their manufacturers.

The origin of Dirty Pipe

Back in April of 2021, Kellermann found an anomaly. It took him a few more months to come up with a proof of concept for a way to get around it. CVE-2022-0847 is the formal name for vulnerability. It allows a non-privileged user to insert and overwrite data in read-only files, even if the process is running as root. The term “dirty cow” and “pipeline” seem to be a play on the famous “dirty cow” bug and a Linux feature called “pipeline,” which is used during the exploitation process.

Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. https://t.co/q8NtTlbgOZ pic.twitter.com/jxYUKYVCBo

— BLASTY (@bl4sty) March 7, 2022

Is Dirty Pipe a big deal for Android users?

People who own older phones and tablets won’t have to worry about this because Android 12 only has a Linux kernel version 5.8 or above. It’s also possible for phones with the Qualcomm Snapdragon 8 Gen 1, the MediaTek Dimensity 8000 and 9000, Samsung Exynos 2200, and the Google Tensor SoC to be infected by the Dirty Pipe flaw because of the launch kernels they had.

Easy root! Looks like #dirtypipe is fine and dandy on #Android. Probably going to be patched in the release version but till then make sure you're running < 5.8. pic.twitter.com/qgb1lFCnEu

— Gab̴̯̚i̶̳̇ C̵̯͖̈͗͒͐i̷͖̘̭͑̈͊r̷͙̞̽͛̿ľ̸̢i̴̧̱͓̅ĝ̵͇͍͕̙ (@hookgab) March 7, 2022

Keep in mind that Dirty Pipe is not an attack, but rather a weakness. However, this flaw allows you to change a binary used by a privileged service or make a new user account with root privileges. By taking advantage of this flaw, a malicious user-space process could have root access to a victim’s computer. Read also; Dynabook refreshes with 12th-gen Intel Processors

What has Google done so far to combat Dirty Pipe?

He says that last month, just after the Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 were released, Google added his bug fix to the Android kernel. Having said that, we may have to wait a while for Android updates with the fix to come out. Google’s own Pixel 6 is still at risk, but power users can mitigate the flaw by installing a custom kernel from an outside source that has been patched. Read more; Microsoft to Support 10,000 African Startups

In case you´re using a Pixel 6/Pro, your device is affected by the "Dirty Pipe" exploit discovered by Max Kellermann.
An excellent write up can be found at:https://t.co/92r7hhmXzD

Just released an update to my custom Pixel 6/Pro kernel, which includes the fix for this exploit.

— Mile (@mile_freak07) March 8, 2022

Closing notes

Though having more people look over the code makes it less likely that we’ll miss something that’s very important, the rise of Dirty Pipe and other exploits shows that we’re all still human and will make a mistake. There is often a lot of “fragmentation” at play here, as a lot of these exploits have been fixed in newer kernel releases, but many of these devices will never be able to use them.

OEMs are to blame for a lot of this, and things like this aren’t going to change any time soon, especially in the entry-level smartphone market. We at XDA welcome the fact that people can get root access, but we don’t like root exploits like this one, which could be dangerous to people who use them.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Abdulmujeeb Owolabi
  • Website

Abdulmujeeb Owolabi writes SEO articles for businesses that want to see their Google search rankings surge. With his 5 years of SEO expertise in writing tech, crypto, and finance blogs, you can reach him on Owolabi@techloaded247.com His articles focused on balancing information with SEO needs–but never at the expense of providing an entertaining read.

Related Posts

Dell XPS 15 i7 11th Gen Intel – Touchscreen Laptop

How to Create Block Quote in Google Docs

Best Cheap Cloud Hosting Server 2023

How to Fix Stuck on Meta Quest Logo Screen? (SOLVED)

Add A Comment

Leave A Reply Cancel Reply

New Comments
  • MintCoder on Apple removes the Apple Watch Series 6 from its official lineup
Techloaded247
WhatsApp Facebook Telegram Twitter Discord
  • Home
  • Tech
  • My Gadgets
  • Mobiles
  • Get In Touch

© 2023 Techloaded247. Designed by Techloaded Team.

Type above and press Enter to search. Press Esc to cancel.