A security vulnerability has been detected in the Linux Kernel, allowing users without local privileges to gain root privileges on vulnerable systems. The vulnerability, called Dirty Pipe, cause it is similar to the Dirty Cow vulnerability, has been fixed in Linux Kernel and Android Kernel. Affected Linux distributions are in the process of issuing security updates for the vulnerability.
The vulnerability tracked as CVE-2022-0847 is located in the struct pipe_buffer component of the Linux Kernel. The vulnerability allows threat actors to overwrite data in read-only files and SUID Binary files to gain root access.
The vulnerability affecting Linux Kernel 5.8 and later has been fixed in Linux 5.16.11, 5.15.25, 5.10.102, and the latest Android Kernel. Users using vulnerable Linux and Android Kernel versions are advised to apply the released updates immediately.