Vulnerability CVE-2022-0847


Published: 2022-03-10

Description:
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

See advisories in our WLB2 database:
Topic
Author
Date
High
Linux Kernel 5.8 < 5.16.11 Local Privilege Escalation (DirtyPipe)
blasty
08.03.2022
High
Dirty Pipe Local Privilege Escalation
timwr
13.03.2022

Type:

CWE-665

(Improper Initialization)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux server update services for sap solutions 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux for ibm z systems 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux for power little endian 
Redhat -> Enterprise linux for power little endian eus 
Redhat -> Enterprise linux for real time 
Redhat -> Enterprise linux for real time for nfv 
Redhat -> Enterprise linux for real time for nfv tus 
Redhat -> Enterprise linux for real time tus 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server for power little endian update services for sap solutions 
Redhat -> Enterprise linux server tus 
Ovirt -> Ovirt-engine 
Linux -> Linux kernel 
Fedoraproject -> Fedora 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=2060795
https://dirtypipe.cm4all.com/
http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html

Copyright 2024, cxsecurity.com

 

Back to Top