CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2060795	Issue Tracking Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf	Third Party Advisory
https://dirtypipe.cm4all.com/	Exploit Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220325-0005/	Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020603	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*

Configuration 4 (hide)

AND

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*

Configuration 5 (hide)

AND

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:ovirt:ovirt-engine:4.4.10.2:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:sonicwall:sma1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*

History

02 Jul 2024, 17:05

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html -~~	() http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html - Third Party Advisory, VDB Entry

12 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html -

Information

Published : 2022-03-10 17:44

Updated : 2024-07-02 17:05

NVD link : CVE-2022-0847

Mitre link : CVE-2022-0847

CVE.ORG link : CVE-2022-0847

JSON object : View

Products Affected

netapp

h410s
h500s
h500e_firmware
h300e
h500e
h500s_firmware
h700e_firmware
h410c_firmware
h410s_firmware
h700e
h700s
h300s_firmware
h700s_firmware
h300e_firmware
h410c
h300s

redhat

enterprise_linux_for_power_little_endian
enterprise_linux_for_real_time_tus
enterprise_linux_server_aus
enterprise_linux_for_real_time
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_eus
enterprise_linux_for_real_time_for_nfv
enterprise_linux_for_ibm_z_systems
enterprise_linux_server_tus
virtualization_host
enterprise_linux_for_power_little_endian_eus
codeready_linux_builder
enterprise_linux_for_real_time_for_nfv_tus
enterprise_linux
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

sonicwall

sma1000
sma1000_firmware

siemens

scalance_lpe9403_firmware
scalance_lpe9403

linux

linux_kernel

fedoraproject

fedora

ovirt

ovirt-engine

CWE

CWE-665

Improper Initialization

7.8 /10