@X_Cli to Linux • 2 years agoDirty Pipe Vulnerability - Writing on read-only/immutable filesdirtypipe.cm4all.commessage-square5arrow-up114arrow-down10cross-posted to: security
arrow-up114arrow-down1external-linkDirty Pipe Vulnerability - Writing on read-only/immutable filesdirtypipe.cm4all.com@X_Cli to Linux • 2 years agomessage-square5cross-posted to: security
minus-square@Thannlink4•2 years agodisclosure timeline 2021-04-29: first support ticket about file corruption 2022-02-19: file corruption problem identified as Linux kernel bug, which turned out to be an exploitable vulnerability 2022-02-20: bug report, exploit and patch sent to the Linux kernel security team 2022-02-21: bug reproduced on Google Pixel 6; bug report sent to the Android Security Team 2022-02-21: patch sent to LKML (without vulnerability details) as suggested by Linus Torvalds, Willy Tarreau and Al Viro 2022-02-23: Linux stable releases with my bug fix (5.16.11, 5.15.25, 5.10.102) 2022-02-24: Google merges my bug fix into the Android kernel 2022-02-28: notified the linux-distros mailing list 2022-03-07: public disclosure
disclosure timeline