⚠ Actively exploited
Added to CISA KEV on 2022-04-25. Federal agencies required to patch by 2022-05-16. Required action: Apply updates per vendor instructions.

CVE-2022-0847

Severity: 7.8 HIGH
EPSS: 81.6% (top 0.81%)
CISA KEV: added 2022-04-25, due 2022-05-16
Exploit: exploited in the wild; active exploitation observed
Timeline: published Mar 10; KEV added Apr 25; KEV due May 16; latest update Sep 9

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (8 packages)

Android:linux_kernel::0:2022-05-05
NVD linux/linux_kernel 5.8 5.10.102 +2
Debian linux < 5.10.92-2 +3
CVEListV5 kernel Linux Kernel 5.17 rc6

Also affects: Enterprise Linux 8.0, 8.2, 8.4, 8, 8.1, Fedora 35

Patches

🔴 Vulnerability Details (4)

OSV
CVE-2022-0847: In multiple functions of iov_iter (2022-05-01)
OSV
CVE-2022-0847: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_p (2022-03-10)
CVEList
CVE-2022-0847: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_p (2022-03-07)
VulnCheck
Linux Kernel Privilege Escalation Vulnerability (2022)

💥 Exploits & PoCs (2)

Exploit-DB
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) (2022-03-08)
Metasploit
Dirty Pipe Local Privilege Escalation via CVE-2022-0847

🔍 Detection Rules (1)

YARA
Linux_Exploit_CVE_2022_0847_e831c285

📋 Vendor Advisories (7)

Android
CVE-2022-0847: pipes (2022-05-01)
CISA
Linux Kernel Privilege Escalation Vulnerability (2022-04-25)
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities (2022-04-01)
Ubuntu
Linux kernel vulnerabilities (2022-03-09)
Microsoft
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus c (2022-03-08)

🕵️ Threat Intelligence (12)

Elastic
Detecting and responding to Dirty Pipe with Elastic — Elastic Security Labs (2022-09-09)
Trendmicro
Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One and Cloud One (2022-04-06)