CVE-2022-0847
CVE-2022-0847 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system. CISA has confirmed active exploitation in the wild. EPSS estimates an 89.06% chance of exploitation in the next 30 days.
Description
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.8, < 5.10.102 |
| Linux | Linux Kernel | >= 5.15, < 5.15.25 |
| Linux | Linux Kernel | >= 5.16, < 5.16.11 |
| Fedoraproject | Fedora | 35 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.2 |
| Redhat | Enterprise Linux Eus | 8.4 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.2 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 |
| Redhat | Enterprise Linux For Power Little Endian | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.2 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 |
| Redhat | Enterprise Linux For Real Time | 8 |
| Redhat | Enterprise Linux For Real Time For Nfv | 8 |
| Redhat | Enterprise Linux For Real Time For Nfv Tus | 8.2 |
| Redhat | Enterprise Linux For Real Time For Nfv Tus | 8.4 |
| Redhat | Enterprise Linux For Real Time Tus | 8.2 |
| Redhat | Enterprise Linux For Real Time Tus | 8.4 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Aus | 8.4 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.1 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.2 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.4 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.1 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.2 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 |
| Redhat | Codeready Linux Builder | All versions |
| Redhat | Virtualization Host | 4.0 |
| Ovirt | Ovirt-Engine | 4.4.10.2 |
| Netapp | H300s Firmware | All versions |
| Netapp | H500s Firmware | All versions |
| Netapp | H700s Firmware | All versions |
| Netapp | H300e Firmware | All versions |
| Netapp | H500e Firmware | All versions |
| Netapp | H700e Firmware | All versions |
| Netapp | H410s Firmware | All versions |
| Netapp | H410c Firmware | All versions |
| Siemens | Scalance Lpe9403 Firmware | < 2.0 |
| Sonicwall | Sma1000 Firmware | <= 12.4.2-02044 |
References
- http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=2060795 (Issue Tracking, Patch, Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf (Third Party Advisory)
- https://dirtypipe.cm4all.com/ (Exploit, Third Party Advisory)
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220325-0005/ (Third Party Advisory)
- https://www.suse.com/support/kb/doc/?id=000020603 (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0847 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
