Canonical Patches “Dirty Pipe” Vulnerability in Ubuntu 21.10 and 20.04 LTS, Update Now


Canonical today published new Linux kernel security updates for all supported Ubuntu releases to address several vulnerabilities, including the infamous “Dirty Pipe” vulnerability.

This is a small security update, coming just two weeks after the previous one, and it patches the so-called “Dirty Pipe” security vulnerability (CVE-2022-0847) discovered by Max Kellermann. This vulnerability only affects Ubuntu 21.10 and Ubuntu 20.04 LTS systems running the Linux 5.13 kernel and could allow a local attacker to modify any file that could be opened for reading.

“A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system,” reads the security advisory.

For all supported Ubuntu releases, including Ubuntu 21.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS, the new security update patches three Spectre-related flaws, CVE-2022-0001, CVE-2022-0002, and CVE-2022-23960. These were discovered by Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida, and could allow a local attacker to expose sensitive information due to insufficient hardware mitigations added by ARM and Intel to their processors to address the Spectre-BTI vulnerabilities.

For all supported Ubuntu releases, the new kernel security update also patches CVE-2022-25636, a security issue discovered by Nick Gregory that could allow a local attacker to cause a denial of service or possibly execute arbitrary code.

Canonical urges all Ubuntu users to update their installations to the new Linux kernel versions available in the stable repositories (linux-image for Ubuntu 21.10 and Ubuntu 20.04.4 LTS, linux-image for Ubuntu 20.04 LTS, as well as linux-image-hwe for Ubuntu 18.04.6 LTS).

To update your installations, use the Software Updater utility to install all available updates, or run the sudo apt update && sudo apt full-upgrade command in the Terminal app. After applying the new kernel security patches, remember to reboot your installations and to rebuild and reinstall any third-party kernel modules you might have installed.
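As an added example (not part of the original article or of Canonical's advisory), this POSIX shell script checks the two follow-up steps described above: whether the running kernel is the newest installed one, and whether third-party modules are built for it. It assumes kernels are installed as /boot/vmlinuz-<release>, that third-party modules are managed by DKMS, and that Ubuntu's /var/run/reboot-required flag file is in use; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the article: post-update check for a patched kernel.
# Assumptions: kernels live at /boot/vmlinuz-<release>, third-party modules are
# managed by DKMS, and GNU sort (-V) is available. Function names are hypothetical.

# Highest kernel release from a newline-separated list on stdin.
newest_kernel() { sort -V | tail -n 1; }

# Kernel releases installed under a boot directory (default /boot).
installed_kernels() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$f" ] && printf '%s\n' "${f##*/vmlinuz-}"
    done
    return 0
}

# Succeeds when running kernel $1 is older than newest installed kernel $2.
reboot_needed() {
    [ -n "$2" ] && [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | newest_kernel)" = "$2" ]
}

# Reads "dkms status" text on stdin; prints modules with no "installed" build
# for kernel $1. Handles both "name, ver, ..." and "name/ver, ..." layouts.
dkms_missing_for() {
    awk -v k="$1" '
        NF { name = $0; sub("[,/].*", "", name); seen[name] = 1
             if (index($0, ", " k ",") && $0 ~ /: installed/) ok[name] = 1 }
        END { for (n in seen) if (!(n in ok)) print n }' | sort
}

main() {
    running="$(uname -r)"
    newest="$(installed_kernels | newest_kernel)"
    echo "running: $running  newest installed: ${newest:-unknown}"
    # The flag file is set by package updates that need a restart to take effect.
    if reboot_needed "$running" "$newest" || [ -e /var/run/reboot-required ]; then
        echo "REBOOT PENDING: a reboot is required before the update takes effect"
    fi
    if command -v dkms >/dev/null 2>&1 && [ -n "$newest" ]; then
        dkms status | dkms_missing_for "$newest" | sed 's/^/rebuild needed: /'
    fi
}

main
```

The version comparison uses sort -V because a plain lexical sort would rank a release ending in -9 above one ending in -35.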

Last updated 2 years ago
