A Linux kernel flaw called “Dirty Pipe” can lead to rooting, and it affects Android devices too

One of the Linux kernel’s strongest points has always been its open source nature, which allows stakeholders to fork, modify, and redistribute it in whatever way suits their needs. But that same advantage is a double-edged sword when it comes to unforeseen vulnerabilities and the exploitable scenarios that follow from them. While big-name developers and OEMs work hard to improve the overall security of the Linux ecosystem (which includes Android), new vulnerabilities and exploits keep popping up and slipping under the radar. This time, unfortunately, the flaw looks to be a very serious one.


The newest bad fish in the pond was discovered by security researcher Max Kellermann. Nicknamed “Dirty Pipe”, the vulnerability allows data to be overwritten in arbitrary read-only files. Although it has already been patched in the mainline Linux kernel, the bug can be weaponised into a privilege escalation exploit on any machine running Linux kernel version 5.8 or later. This also means that a handful of newly released Android smartphones, such as the Samsung Galaxy S22 and the Google Pixel 6, remain at risk until each device receives the appropriate kernel patch from its OEM.

The origin of Dirty Pipe

Kellermann first ran into this anomaly in April 2021, but it took a few more months to come up with a proof-of-concept exploit. Officially catalogued as CVE-2022-0847, the vulnerability allows an unprivileged user to inject and overwrite data in read-only files, including SUID binaries that run as root. The nickname appears to be a play on the notorious Dirty COW bug and on the pipe, the Linux mechanism for passing data between processes, which is used during the exploit routine.

How serious is Dirty Pipe for Android users?

Because Linux kernel 5.8 (or higher) has only been an option for Android since Android 12, older devices are not affected. However, smartphones based on the Qualcomm Snapdragon 8 Gen 1, MediaTek Dimensity 8000 and Dimensity 9000, Samsung Exynos 2200 and Google Tensor SoCs are vulnerable to the Dirty Pipe flaw because of the kernel version they launched with.

Keep in mind that Dirty Pipe itself is a vulnerability rather than an exploit. What the vulnerability permits, however, is modifying a binary used by a privileged service or creating a new user account with root privileges. By exploiting it, a malicious user-space process could in principle gain unrestricted root access on the victim’s device.

What has Google done so far to combat Dirty Pipe?

According to Kellermann, Google merged the fix into the Android kernel last month, right after it landed in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102. That said, we will likely need to wait a while before OEMs start rolling out Android updates that contain the fix. Google’s own Pixel 6, for example, is still vulnerable, although power users can mitigate the flaw by installing a patched aftermarket custom kernel as a stopgap.
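As an added example (not from the article or from Kellermann’s write-up), the following Python snippet screens a `uname -r` string against the kernel versions the article names: affected from 5.8 onwards, fixed in 5.10.102, 5.15.25 and 5.16.11. Two things in it are assumptions rather than statements from the article: that mainline 5.17 and later carry the fix, and that any 5.8-or-later series without a listed stable fix (5.8, 5.9, 5.11 through 5.14) should be treated as vulnerable. The sample release strings are constructed. One caveat a practitioner should keep in mind: Android and distribution kernels routinely backport a fix without changing the version string, so a “vulnerable” result here is a prompt to check the device’s patch level, not proof of exposure.

```python
import re

# Earliest fixed release in each stable series the article names.
FIXED = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
FIRST_AFFECTED = (5, 8, 0)
# Assumption: mainline from 5.17 on already includes the fix.
FIRST_CLEAN_SERIES = (5, 17)


def parse_kernel_version(release: str) -> tuple:
    """Extract (major, minor, patch) from a `uname -r` style string such as
    '5.10.101-android12-9-00001-gabc' (constructed sample). A missing patch
    level is treated as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def dirty_pipe_status(release: str) -> tuple:
    """Return (vulnerable, explanation) for the given kernel release string,
    judged purely by version number (backported fixes are invisible here)."""
    v = parse_kernel_version(release)
    if v < FIRST_AFFECTED:
        return (False, "not affected: predates 5.8, where the bug was introduced")
    if v[:2] >= FIRST_CLEAN_SERIES:
        return (False, "fixed: 5.17 or later (assumed to carry the fix)")
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # 5.8, 5.9 and 5.11-5.14 were end-of-life when the fix shipped,
        # so no stable release in those series contains it (assumption).
        return (True, "vulnerable: end-of-life series with no stable fix")
    if v >= fixed:
        return (False, f"fixed: at or above {'.'.join(map(str, fixed))}")
    return (True, f"vulnerable: upgrade to {'.'.join(map(str, fixed))} or later")


if __name__ == "__main__":
    import platform
    vulnerable, why = dirty_pipe_status(platform.release())
    print(f"{platform.release()}: {'VULNERABLE' if vulnerable else 'ok'} ({why})")
```

Run it on the device or host in question and treat a “vulnerable” verdict as the starting point for checking whether the OEM or distribution has backported the patch.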

Concluding remarks

Although having more eyes on the code reduces the chance of missing something incredibly dangerous, the emergence of Dirty Pipe alongside other kinds of exploits proves once again that we are all human and bound to make mistakes. Fragmentation is often the crux of the issue here: many of these vulnerabilities are patched in newer kernel versions, but unfortunately those fixes never reach a large share of the devices currently in use.

A very large part of the blame lies with OEM indifference, and that is unlikely to change anytime soon, especially in the entry-level smartphone market. We at XDA generally welcome users’ ability to root their devices, but we don’t celebrate the existence of root vulnerabilities like this one, particularly when they put end users at risk.

What are your thoughts on Dirty Pipe and the current security status of Android? Let us know in the comments below!

Source: Dirty Pipe disclosure by Max Kellermann