PT-2022-1364 · Linux +11 · Linux Kernel +11
Max Kellermann · Published 2016-10-19 · Updated 2025-08-30 · CVE-2022-0847
7.8 High
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux Kernel versions prior to 5.16.11
Linux Kernel versions prior to 5.15.25
Linux Kernel versions prior to 5.10.102
Linux Kernel versions 5.8 through 5.16.10
Linux Kernel versions 5.8 through 5.15.24
Linux Kernel versions 5.8 through 5.10.101
Description:
The "flags" member of the new pipe buffer structure was not properly initialized in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, so it could retain stale values. This allows an unprivileged local user to write to pages in the page cache backed by read-only files and escalate their privileges on the system. The issue, known as "Dirty Pipe," can be used to modify or overwrite arbitrary data in files that are normally read-only, obtain an elevated shell, and potentially take complete control of a vulnerable system. It has been observed in real-world attacks, including by the UTA0137 threat actor, where it was used for privilege escalation.
Recommendations:
For Linux Kernel versions prior to 5.16.11, update to version 5.16.11 or later.
For Linux Kernel versions prior to 5.15.25, update to version 5.15.25 or later.
For Linux Kernel versions prior to 5.10.102, update to version 5.10.102 or later.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
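To triage hosts against the version ranges listed above, the following added example (not part of the original advisory) classifies a kernel release string. It assumes upstream-style version numbers; distribution kernels often backport fixes without changing the upstream version, so an "affected" result means the vendor's advisory should be checked. The function name and sample releases are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the ranges listed above (5.8 through 5.16.10, with fixes in
# 5.10.102, 5.15.25 and 5.16.11).

# dirtypipe_status [RELEASE]   (hypothetical helper name)
# Prints "affected", "not-affected" or "unknown". Defaults to `uname -r`.
# "affected" means the upstream version number falls in the listed range.
dirtypipe_status() {
    rel=${1:-$(uname -r)}
    ver=${rel%%[!0-9.]*}      # "5.15.24-custom" -> "5.15.24"
    IFS=. read -r major minor patch extra <<EOF
$ver
EOF
    patch=${patch:-0}         # "5.8" is treated as 5.8.0
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case "$minor" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case "$patch" in *[!0-9]*)    echo unknown; return 0 ;; esac

    # Outside 5.8 .. 5.16 the advisory lists nothing as affected.
    if [ "$major" -ne 5 ] || [ "$minor" -lt 8 ] || [ "$minor" -gt 16 ]; then
        echo not-affected; return 0
    fi

    # First fixed patch level per stable branch, as given in the advisory.
    case "$minor" in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo affected; return 0 ;;  # 5.8, 5.9, 5.11-5.14: no fix listed here
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo not-affected; fi
}

# Constructed sample releases, followed by the running kernel.
for r in 5.7.19 5.8 5.10.101 5.10.102 5.13.19 5.15.24-custom 5.16.11 6.1.0; do
    printf '%-24s %s\n' "$r" "$(dirtypipe_status "$r")"
done
printf '%-24s %s\n' "$(uname -r) (running)" "$(dirtypipe_status)"
```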
Exploit
Fix
LPE
Improper Preservation of Permissions
Improper Initialization