This major Linux security vulnerability has been fixed, so patch now

News
By published

Linux distros as well as Android are affected

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock)

If you're running a Linux distro on your computer or use an Android smartphone, you should install the latest updates immediately as a severe security vulnerability has been found and patched in the Linux kernel.

The vulnerability, tracked as CVE-2022-0847 and dubbed “Dirty Pipe”, was discovered by a software developer named Max Kellerman at the web hosting company IONOS earlier this year. 

According to a detailed blog post published by Kellerman, he first became aware of the vulnerability present in the Linux kernel since 5.8 after receiving customer complaints about corrupted files. After the same problem occurred multiple times after the first report, Kellerman was able to recognize a pattern and discover that the cause of the error was in the Linux kernel itself.

Following his discovery, Kellerman informed the Linux kernel team the same day and it quickly provided a patch for the issue. A security update has now been rolled out to all affected Linux versions and Google has also updated the Android operating system which is based on a modified version of the Linux kernel and other open source software.

Dirty Pipe vulnerability

If left unpatched on vulnerable systems, Dirty Pipe can be exploited by an attacker to gain complete control over affected computers and smartphones. With this access, they would be able to read users' private messages, compromise banking apps and more.

Generally speaking, Linux allows precise permissions for reading, writing or executing files to be defined for each file. However, an error in the way memory is managed for communication between different processes (by means of so-called pipes) made it possible for an attacker to bypass these protection mechanisms.

Read More

> This Linux backdoor went undetected for 10 years

> Multiple vulnerabilities put 40 million Ubuntu users at risk

> Linux devs fix nasty vulnerability dating back half a decade

The Dirty Pipe vulnerability affects all Linux systems from kernel version 5.8 on as well as Android devices running untrusted apps. While untrusted apps are usually isolated from the operating system as much as possible, the flaw could still be reproduced according to a recent email from IONOS.

Although the problem was quickly fixed by making a small adjustment to the source code of the Linux kernel, IONOS waited until patches for Dirty Pipe were widely rolled out before publishing additional details on the vulnerability.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Digital image of a lock.
Nvidia systems could be facing another worrying security flaw
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
China
Juniper patches security flaws which could have let hackers take over your router
A computer being guarded by cybersecurity.
Worrying Windows security issue patched by 7-Zip, so patch now
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
Latest in Software & Services
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Autonomous finance
Quickbooks vs Quicken: what are the main strengths and weaknesses for your business
finance
Quickbooks vs Xero: which is the best for your business?
Group of people meeting
Zoom vs Google Meet: which is the best video conferencing tool for your business?
Fingers typing on a computer keyboard.
Microsoft 365 Personal vs Microsoft 365 Family: are there any real differences?
Latest in News
Volvo Gaussian Splatting
Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Nvidia GR00T N1 humanoid robot
Nvidia is dreaming of trillion-dollar datacentres with millions of GPUs and I can't wait to live in the Omniverse
More about software services
A person at a desktop computer working on spreadsheet tables.

Trello vs Jira: which project management solution is best for you?
finance

Quickbooks vs Xero: which is the best for your business?
Volvo Gaussian Splatting

Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
See more latest
Most Popular
Volvo Gaussian Splatting
Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Nvidia GR00T N1 humanoid robot
Nvidia is dreaming of trillion-dollar datacentres with millions of GPUs and I can't wait to live in the Omniverse
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Nvidia Earth-2 weather models
Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
Sennheiser HD 550 headphones profile shot
Sennheiser announces new HD 550 headphones with high-quality audio for gamers and audiophiles
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way
Robotic hand clicking on captcha 'I am not a robot'.
Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame