Linux 'Dirty Pipe' vulnerability: Snyk explains the risk and what you can do to protect your systems

London, March 17 - Last week, a critical vulnerability was discovered in Linux. Developer-first security company Snyk warns Linux users of a flaw in the Linux kernel that attackers can exploit to let any process modify files regardless of their permission settings or ownership.

The vulnerability has been named "Dirty Pipe" by the security community because of its similarity to "Dirty COW", a privilege escalation vulnerability reported in 2016, and because the flaw exists in the kernel's pipe implementation. It has officially been published as CVE-2022-0847.

A container image is essentially a collection of layers overlaid on each other. Common advice is to run container processes as non-privileged users and to make container root file systems read-only, so that they are more difficult for attackers to exploit. Dirty Pipe nevertheless impacts your container images. Put simply, a relatively simple set of steps allows the content of nearly any file to be changed, even if that file has permissions and/or ownership settings restricting such actions.

Eric Smalling, Senior Developer Advocate at Snyk, details what companies can do to protect their systems: 

"I would like to emphasize that users and companies should not underestimate this vulnerability. Attackers being able to modify files without permission or ownership could potentially be very dangerous. 

The only known fix for this vulnerability is to upgrade your Linux hosts to one of the following kernel versions: 5.16.11, 5.15.25, 5.10.102. There are no other mitigation options that can protect your systems should a malicious actor get access to your environment. I would recommend that everyone check and update their Linux hosts immediately."
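
One way to run that check on a host, as an added example (not code from Snyk or Eric Smalling): the script compares the running kernel release with the three fixed versions named above. The function names are hypothetical, only the 5.16, 5.15 and 5.10 series are judged, and distribution kernels that backport fixes can report an older number while already patched, so confirm "older-than-fix" results against the vendor's advisory.

```shell
#!/bin/sh
# Added example, not Snyk's code: compare a kernel release string with the
# fixed versions named in this release (5.16.11, 5.15.25, 5.10.102).
# Function names are hypothetical.

# ver_ge A B: succeed when dotted numeric version A is >= B.
ver_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# dirty_pipe_status RELEASE: print fixed, older-than-fix or not-listed.
dirty_pipe_status() {
    # Drop distro suffixes: "5.15.0-91-generic" -> "5.15.0".
    base=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    series=$(printf '%s' "$base" | cut -d. -f1,2)
    case "$series" in
        5.16) fixed=5.16.11 ;;
        5.15) fixed=5.15.25 ;;
        5.10) fixed=5.10.102 ;;
        # Series not named in this release: no verdict is given.
        *) echo "not-listed"; return 0 ;;
    esac
    if ver_ge "$base" "$fixed"; then
        echo "fixed"
    else
        echo "older-than-fix"
    fi
}

# Report the status of the kernel this host is running.
printf '%s: %s\n' "$(uname -r)" "$(dirty_pipe_status "$(uname -r)")"
```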

If you are looking for more information about this vulnerability, read Eric Smalling's blog here. In addition, Snyk is available to answer questions about this vulnerability and its possible consequences. If you are interested, you can send a message to alex.blake@archetype.co.