New “Dirty Pipe” Linux Bug – Do You Know Your Entire Attack Surface?

Earlier this week, security researcher Max Kellerman identified a Linux kernel vulnerability dubbed “Dirty Pipe,” which is among the most dangerous Linux bugs in recent memory. 

It’s a vulnerability that affects every Linux kernel since 5.8, and could allow attackers to overwrite data in arbitrary read-only files. Combined with other exploits, this could lead to cede root access to attackers. The bug has been patched in the mainline Kernel, but any device running Linux 5.8 or later – including a group of recently released Android smartphones, will be affected.

The diversity of devices, users and applications being used by businesses is more complex than ever before. Even when you know what vulnerabilities you need to patch, IT and security teams have a real challenge determining how many devices or instances they need to account for. The biggest risk for organizations is losing track of their IT asset inventory. Luckily this particular exploit is only going to affect newer devices, but as we’ve seen with previous Linux bugs, like the recently-discovered PolicyKit vulnerability that had been lurking in systems for more than a decade, that’s not always the case.

Enterprises are littered with forgotten or abandoned deployments, and a single unpatched instance can be enough for malicious actors to get a foothold in your network and do real and lasting damage. In order to protect the entirety of your attack surface, the priority for security teams needs to be creating and maintaining a comprehensive inventory of every IT asset that touches the network.

Share This Post: