CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS
Metric | Value |
---|---|
Percentile | 95.4% |

A flaw was found in the way the “flags” member of the new pipe buffer
structure was lacking proper initialization in the copy_page_to_iter_pipe and
push_pipe functions in the Linux kernel and could thus contain stale
values. An unprivileged local user could use this flaw to write to pages in
the page cache backed by read-only files and thereby escalate their
privileges on the system.

Author | Note |
---|---|
mdeslaur | The specific flaw exists in bionic and focal, but is not currently exploitable due to lack of a flag that was introduced in kernel 5.8. The flaw will be fixed as part of the next round of bionic and focal kernel updates in case some other way of exploiting it is discovered in the future. The hardware enablement kernel for focal, linux-hwe-5.13, was updated to fix this issue in USN-5317-1. |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 21.10 | noarch | linux | < 5.13.0-35.40 | UNKNOWN |
ubuntu | 21.10 | noarch | linux-aws | < 5.13.0-1017.19 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.13 | < 5.13.0-1017.19~20.04.1 | UNKNOWN |
ubuntu | 21.10 | noarch | linux-azure | < 5.13.0-1017.19 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.13 | < 5.13.0-1017.19~20.04.1 | UNKNOWN |
ubuntu | 21.10 | noarch | linux-gcp | < 5.13.0-1019.23 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp-5.13 | < 5.13.0-1019.23~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-hwe-5.13 | < 5.13.0-35.40~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-intel-5.13 | < 5.13.0-1010.10 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-intel-iotg-5.15 | < 5.15.0-1008.11~20.04.1 | UNKNOWN |
dirtypipe.cm4all.com/
launchpad.net/bugs/cve/CVE-2022-0847
nvd.nist.gov/vuln/detail/CVE-2022-0847
security-tracker.debian.org/tracker/CVE-2022-0847
ubuntu.com/security/notices/USN-5317-1
ubuntu.com/security/notices/USN-5362-1
wiki.ubuntu.com/SecurityTeam/KnowledgeBase/DirtyPipe
www.cve.org/CVERecord?id=CVE-2022-0847
www.openwall.com/lists/oss-security/2022/03/07/1