The latest high-severity privilege escalation vulnerability in the Linux kernel: Dirty Pipe
Security researcher Max Kellermann from CM4all disclosed a high-severity privilege escalation vulnerability in the Linux kernel: Dirty Pipe. The vulnerability is tracked as CVE-2022-0847.
According to reports, this vulnerability has existed since version 5.8. Non-root users can gain root privileges by injecting and overwriting data in read-only files, because this lets unprivileged processes inject code into root processes.
Max said the “Dirty Pipe” vulnerability is similar to “Dirty COW” from a few years ago, hence the similar name, but the former is easier to exploit.
In addition, the vulnerability has been exploited by hackers, and researchers recommend upgrading the kernel version as soon as possible. Linux 5.16.11, 5.15.25 and 5.10.102 have all fixed this vulnerability.
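As a triage aid, the following added example (not part of the original article) classifies a `uname -r` string using only the version numbers given above. The function names and result labels are assumptions; distribution kernels often backport fixes without changing the upstream version number, so an "affected" result still needs to be checked against the vendor advisory.

```python
import platform
import re

# Version facts taken from the article: present since 5.8,
# fixed in stable releases 5.10.102, 5.15.25 and 5.16.11.
INTRODUCED = (5, 8)
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
NEWEST_LISTED = max(FIXED)  # article lists no fix version beyond this branch


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify a kernel release against the article's version data.

    Labels (hypothetical, chosen for this example):
      not-affected  branch predates 5.8
      fixed         on a listed branch at or above its fixed release
      affected      5.8 or later and below the fix, or on a branch
                    (5.8, 5.9, 5.11-5.14) with no fixed release listed
      unlisted      branch newer than 5.16; the article gives no data
    """
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not-affected"
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch > NEWEST_LISTED:
        return "unlisted"
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings plus the running kernel.
    for rel in ("4.19.0-18-amd64", "5.10.101", "5.15.25", platform.release()):
        try:
            print(f"{rel}: {classify(rel)}")
        except ValueError as exc:
            print(exc)
```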
Linux kernel
From Wikipedia, the free encyclopedia
Linux as a whole is released under the GNU General Public License version 2 only, but it contains files under other compatible licenses.[10] However, Linux began including proprietary binary blobs in its source tree and main distribution in 1996. This led to other projects starting work to remove the proprietary blobs in order to produce a 100% libre kernel, which eventually led to the Linux-libre project being founded.
Since the late 1990s, it has been included as part of a large number of operating system distributions, many of which are commonly also called Linux. However, there is a controversy surrounding the naming of such systems; some people, including Richard Stallman, argue calling such systems “Linux” is erroneous because the operating system is actually mostly GNU, with the Linux kernel being one component added later on in 1992, 9 years after the initiation of the GNU project in 1983, hence the name “GNU+Linux” or “GNU/Linux” should be used instead.
Linux is deployed on a wide variety of computing systems, such as embedded devices, mobile devices (including its use in the Android operating system), personal computers, servers, mainframes, and supercomputers.[12] It can be tailored for specific architectures and for several usage scenarios using a family of simple commands (that is, without the need of manually editing its source code before compilation);[13][14][15] privileged users can also fine-tune kernel parameters at runtime.[16][17][18] Most of the Linux kernel code is written using the GNU extensions of GCC[19][20] to the standard C programming language and with the use of architecture specific instructions (ISA). This produces a highly optimized executable (vmlinux) with respect to utilization of memory space and task execution times.[21]
Day-to-day development discussions take place on the Linux kernel mailing list (LKML). Changes are tracked using the version control system git, which was originally authored by Torvalds as a free software replacement for BitKeeper.