CVE-2022-0847

Published Mar 10, 2022

Last updated 7 months ago

Exploit knownCVSS high 7.8
Dirty Pipe
Docker
Sonicwall
Container Security

Overview

AI description

Automated description summarized from trusted sources.

CVE-2022-0847, commonly known as "Dirty Pipe," is a vulnerability discovered in the Linux kernel. The flaw stems from improper initialization of the "flags" member within the new pipe buffer structure in the `copy_page_to_iter_pipe` and `push_pipe` functions. This oversight could lead to stale values being present in the flags, affecting Linux kernel versions 5.8 and later. This vulnerability allows an unprivileged local user to write to pages in the page cache that are backed by read-only files. By exploiting this ability to overwrite data in arbitrary read-only files, an attacker can achieve privilege escalation on the system. This includes the potential to modify sensitive files, such as root passwords or SUID binaries.

Description
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Source
secalert@redhat.com
NVD status
Analyzed
Products
linux_kernel, fedora, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_for_real_time, enterprise_linux_for_real_time_for_nfv, enterprise_linux_for_real_time_for_nfv_tus, enterprise_linux_for_real_time_tus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_server_tus, enterprise_linux_server_update_services_for_sap_solutions, codeready_linux_builder, virtualization_host, ovirt-engine, h300s_firmware, h500s_firmware, h700s_firmware, h300e_firmware, h500e_firmware, h700e_firmware, h410s_firmware, h410c_firmware, scalance_lpe9403_firmware, sma1000_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
7.2
Impact score
10
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name
Linux Kernel Privilege Escalation Vulnerability
Exploit added on
Apr 25, 2022
Exploit action due
May 16, 2022
Required action
Apply updates per vendor instructions.

Weaknesses

secalert@redhat.com
CWE-665
nvd@nist.gov
CWE-665

Social media

Hype score
Not currently trending

  1. 2026 Linux 重置密码教程大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @furlingdu

    1 Jun 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-43494)

    @luadoles

    22 May 2026

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Linux 重置密码大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300) -PinTheft (CVE-2026-4

    @hsn8086k

    22 May 2026

    37707 Impressions

    101 Retweets

    633 Likes

    317 Bookmarks

    40 Replies

    7 Quotes

  4. 2026 Linux 如何重置密碼 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @sayaalauun

    14 May 2026

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Them: Linux is most secure OS Me: Yes - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hetmehtaa

    14 May 2026

    72711 Impressions

    41 Retweets

    378 Likes

    163 Bookmarks

    40 Replies

    15 Quotes

  6. 2026 Linux 重置密码教程大全 - Dirty Cow (CVE-2016-5195) - Dirty Pipe (CVE-2022-0847) - io_uring UAF (CVE-2022-2602) - Copy Fail (CVE-2026-31431) - io_uring ZCRX freelist (CVE-2026-43121) - Dirty Frag (CVE-2026-43284 CVE-2026-43500) - Fragnesia (CVE-2026-46300)

    @hsn8086k

    14 May 2026

    69819 Impressions

    179 Retweets

    1061 Likes

    459 Bookmarks

    12 Replies

    11 Quotes

Configurations

Related CVEs

  1. CVE-2025-14269
  2. A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.CVE-2026-2340
  3. A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.CVE-2026-1933
  4. A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.CVE-2026-48864
  5. A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.CVE-2026-4480

References

Sources include official advisories and independent security research.