The security world has been buzzing this week about a new Linux exploit called ‘Dirty Pipe’, which also affects Android 12 devices like the Galaxy S22 and Pixel 6. Here’s everything you need to know about ‘Dirty Pipe’, the devices it affects, and the best ways to protect yourself.
What can “Dirty Pipe” do?
Recently disclosed by Max Kellermann as CVE-2022-0847, “Dirty Pipe” is a vulnerability in select recent versions of the Linux kernel. (The kernel is the core of the operating system, and often acts as an intermediary between apps and your actual hardware.) In short, any app that can read files on your phone or PC, a permission required by many Android apps, could potentially tamper with your files or run malicious code. On desktop and laptop versions of Linux, the exploit has been shown to easily gain admin privileges.
Simply put, this exploit can easily give the attacker complete control over your device.
What devices are affected by “Dirty Pipe”?
In general, “Dirty Pipe” affects Linux-based devices, which includes everything from Android phones and Chromebooks to Google Home devices like Chromecasts, speakers, and displays. More specifically, the bug was introduced with Linux kernel 5.8, which was released in 2020, and remained present in later versions.
On the Android side of things, as noted by Ars Technica’s Ron Amadeo, the potential for damage from “Dirty Pipe” is very limited. Most Android devices actually use an older version of the Linux kernel, unaffected by the exploit. Only devices that started their lives on Android 12 have a chance of being affected.
Unfortunately, this means that Android phones such as the Google Pixel 6 series and the Samsung Galaxy S22 series are likely to be at risk from “Dirty Pipe”. In fact, the developer who originally discovered the exploit managed to reproduce it on a Pixel 6 phone and reported it to Google.
The easiest way to check if your device is affected is to view your Linux kernel version. To do this, open the Settings app, open About Phone, tap Android Version, and then look for Kernel Version. If you see a version higher than 5.8, and if Google hasn’t yet released a security patch, your device is probably at risk from a “Dirty Pipe” exploit.
To find this same information on Chrome OS, open a new tab and go to chrome://system and scroll down to “uname”. You should see something like the text below. If the number after “Linux localhost” is higher than 5.8, your device may be affected.
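As an added example (not part of the original article), the version check described above can be scripted for kernel strings copied from About Phone or chrome://system. The function names and sample strings are constructed for illustration; a kernel in the affected range is only flagged for a patch-level check, because the version number alone does not show whether the fix has been applied.

```sh
#!/bin/sh
# Added example, not from the article. Function names and sample strings
# are constructed for illustration.

# Print "MAJOR MINOR" for the first version-like word in a kernel string,
# e.g. a raw release or a full "Linux localhost 5.x.y ..." uname line.
kernel_major_minor() (
    set -f                          # no glob expansion while word-splitting
    for word in $1; do
        case $word in
            [0-9]*.[0-9]*)
                major=${word%%.*}
                rest=${word#*.}
                minor=${rest%%[!0-9]*}
                case $major$minor in
                    ''|*[!0-9]*) continue ;;
                esac
                [ -n "$minor" ] || continue
                echo "$major $minor"
                return 0 ;;
        esac
    done
    return 1
)

# Classify against the 5.8 threshold. 5.8 itself is included because the
# article says the bug was introduced with kernel 5.8.
classify_kernel() {
    mm=$(kernel_major_minor "$1") || { echo unknown; return 0; }
    set -- $mm
    if [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 8 ]; }; then
        echo check-patch-level      # in range: confirm the fix is installed
    else
        echo predates-bug           # older than the kernel that added the bug
    fi
}

# Constructed sample strings (not taken from real devices).
for sample in \
    "5.10.43-android12-9-00031-g0000000" \
    "Linux localhost 5.4.151-00000-g0000000 #1 SMP PREEMPT" \
    "4.19.191-perf+"; do
    printf '%-18s %s\n' "$(classify_kernel "$sample")" "$sample"
done
```
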
Are attackers using the exploit?
So far, there are no known cases of the “Dirty Pipe” exploit being used to take control of a phone or computer. However, quite a few developers have shown proof-of-concept examples of how easy it is to use “Dirty Pipe”. It’s certainly only a matter of time before attacks based on “Dirty Pipe” begin to appear in the wild.
The latest example (spotted via Max Weinbach) shows Dirty Pipe being used to very quickly get root access on both the Pixel 6 and Galaxy S22 using a proof-of-concept app. While the exploit had previously been confirmed on the Pixel 6, this demo, posted by Fire30, is the first to show Dirty Pipe in action on an Android phone.
What are Google and other companies doing?
In addition to originally revealing the “Dirty Pipe” exploit, Kellermann was also able to determine how to fix it, and submitted a fix to the Linux kernel project shortly after disclosing it privately. Two days later, new releases of the supported Linux kernel versions were published with the fix included.
As mentioned earlier, the “Dirty Pipe” exploit was also reported to Google’s Android security team in late February. Within days, Kellermann’s fix was added to the Android source code, ensuring that future versions are safe. The Chrome OS team followed suit, picking up the fix on March 7, and it looks set to roll out, most likely as a mid-cycle update for Chrome OS 99.
However, given how serious both the exploit and the fix are, the issue does not appear to have been included in the March 2022 Android Security Bulletin. It is not clear at this point whether a special patch will be created for affected devices such as the Pixel 6 series or whether the exploit will remain available until next month’s security patch. According to Android Police’s Ryne Hager, Google has confirmed that the recent delay in the March Pixel 6 patch has nothing to do with the “Dirty Pipe” exploit.
How does “Dirty Pipe” work?
For more technical readers, especially those with Linux experience, Kellermann has published an interesting article on how he inadvertently discovered “Dirty Pipe” and the underlying mechanics of how it works.
Here’s an (overly) simplified explanation: As the name “Dirty Pipe” suggests, it’s about Linux’s concepts of “pipes”, which are used to get data from one application or process to another, and “pages”, small bits of your RAM. Effectively, an application can manipulate Linux pipes in such a way that it can insert its own data into a page of memory.
By doing this, an attacker can easily either change the contents of a file you are trying to open or even give themselves complete control of your computer.
How can I keep my device secure?
The best way to keep your machine safe from “Dirty Pipe” exploits right now – and probably good advice in general – is to only run applications you know you can trust. Additionally, in the short term, you should avoid installing any new apps, if possible. While these actions may seem simple, they should go a long way toward keeping your device secure until a security patch is available.