How To Identify and Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847

Sandeep Sasikumar | Updated 11 Mar 2022 | 2 min read

A vulnerability has been identified in the Linux Kernel1 which allows overwriting data in arbitrary read-only files, which might lead to privilege escalation as unprivileged processes can inject code into root processes2 . It is similar to CVE-2016-5195 ‘Dirty Cow’ but is easier to exploit which makes it more dangerous. The vulnerability is tracked under CVE ID CVE-2022-0847. The article explains the steps to Identify and Fix the vulnerability.3

Associated CVE ID	CVE-2022-0847
Description	A vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files.
Associated ZDI ID	–
CVSS Score	7.8 High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score	–
Exploitability Score	–
Attack Vector (AV)	Local
Attack Complexity (AC)	Low
Privilege Required (PR)	Low
User Interaction (UI)	None
Scope	Unchanged
Confidentiality (C)	High
Integrity (I)	High
availability (a)	High

Identify whether the Kernel Version Affected By CVE-2022-0847

The vulnerability exists in kernel versions starting from v5.8 to v5.15. On an Ubuntu machine, you will be able to run the command 'uname -rs' and confirm whether your Kernel version is affected.

Fix CVE-2022-0847 on Ubuntu

Before starting to fix the vulnerability please do make sure to take a backup of the whole machine. Once the backup is completed proceed by checking the kernel version using the command 'uname -rs'

1) Check the kernel version

uname -rs

2) Download kernel modules 5.17

Download the kernel modules from kernel.ubuntu.com website. Download the latest version available.

3) Download these two files (where X.Y.Z is the highest version):

linux-image-*X.Y.Z*-generic-*.deb
linux-modules-X.Y.Z*-generic-*.deb

Make sure to replace X, Y, Z with the required numbers for the versions.

4) Execute the below commands to fetch the deb files

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-image-unsigned-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-modules-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb

5) Execute chmod +x command to provide execute permissions

chmod +x *.deb

6) Install kernel module 5.17

sudo dpkg --install *.deb

7) Reboot

Once installation is complete restart the machine using ‘reboot’ command.

8) Confirm Kernel Upgrade

Once the reboot process is completed execute the ‘uname -rs’ command to confirm the kernel version is upgraded to the secure one.

References

1 Max Kellermann, LWN (mailing-list posting), “The “dirty pipe” vulnerability,” Published on 2022 March 07, Link accessed on 2022 March 09. https://lwn.net/Articles/887056/
2Pierluigi Paganini, Security Affairs (online), “Dirty Pipe Linux flaw allows gaining root privileges on major distros,” Published on 2022 March 08, Link accessed on 2022 March 09. https://securityaffairs.co/wordpress/128780/hacking/dirty-pipi-linux-flaw.html
3 Arun K. L., The Sec Master (blogpost), “How To Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847,” Dateline not provided, Link accessed on 2022 March 09. https://www.thesecmaster.com/how-to-fix-the-dirty-pipe-vulnerability-in-linux-kernel-cve-2022-0847/