Linux Distros Patch 'Dirty Pipe' Make-Me-Root Kernel Bug
An Anonymous Coward writes:
https://www.theregister.com/2022/03/08/in_brief_security/ [theregister.com]
"A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code.
The flaw, CVE-2022-0847, was introduced in kernel version 5.8 and fixed in versions 5.16.11, 5.15.25, and 5.10.102.
It can be exploited by a normal logged-in user or a rogue running program to gain root-level privileges; it can also be used by malicious apps to take over vulnerable Android devices. If your phone is running an affected Linux kernel version - which you can find under About Phone and software information in the Settings app, typically - be aware that a rogue application could exploit Dirty Pipe to hijack your handset, tablet, or gadget.
[...] Max Kellermann said he found the programming blunder and reported it to the kernel security team in February, which issued patches within a few days. By now these should be filtering through to affected Linux distributions. Android will take longer: we're not aware of any official updates yet."
[...] If you're running Linux, check for security updates from your distro and install.
Read more of this story at SoylentNews.