CVE-2022-0847

Description from NVD

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Information Acquisition Date:2023-02-06T06:18Z

CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://bugzilla.redhat.com/show_bug.cgi?id=2060795
source:MISC
tags:Issue Tracking Patch Third Party Advisory

https://dirtypipe.cm4all.com/
source:MISC
tags:Exploit Third Party Advisory

http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

https://www.suse.com/support/kb/doc/?id=000020603
source:MISC
tags:Third Party Advisory

https://security.netapp.com/advisory/ntap-20220325-0005/
source:CONFIRM
tags:Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
source:CONFIRM
tags:Third Party Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
source:CONFIRM
tags:Third Party Advisory

This vulnerability may involve a PoC.

Description from Forti

RHSA-2022:0819-Security Advisory

Information Acquisition Date:2022/03/30

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Linux(7 tweets) OpenSSL(1 tweets) Oracle(1 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	177
https://cvetrends.com	59
https://www.horizon3	51
http://twinybots.ch	29
http://cyberiqs.com/latestnews	28
https://lists.astaro.com/ASGV9-IPS-rules.html#0	17
https://thehackernews.com/2022/03/researchers-warn-of-linux...	12
https://redhuntlabs.com/blog/the-dirty-pipe-vulnerability.html	9
https://www.helpnetsecurity.com/2022/03/08/cve-2022-0847	8
https://youtu.be/af0PGYaqIWA	5
https://0x434b.dev/learning-linux-kernel-exploitation-part-...	5
https://security-tracker.debian.org/tracker/CVE-2022-0847	5
https://haxx.in/files/dirtypipez.c	4
https://lwn.net/Articles/887056	4
https://opsmtrs.com/3yzKsZo	4
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/1...	4
https://pwning.systems/posts/escaping-containers-for-fun	4
https://www.docker.com/blog/vulnerability-alert-avoiding-di...	4
https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentic...	4
https://blog.aquasec.com/cve-2022-0847-dirty-pipe-linux-vul...	4
https://cloud.google.com/anthos/clusters/docs/on-prem/1.10/...	4
https://access.redhat.com/security/cve/cve-2022-0847	4
https://securityonline.info/dirty-pipe-cve-2022-0847-vulner...	4
http://feeds.feedburner.com/~ff/linuxquestions/latest?d=yIl...	4
https://ift.tt/l6YaZfJ	3
https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit	3
https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig	3
https://ubuntu.com/security/CVE-2022-0847	3
https://twitter.com/menztrual/status/1500809987722940416	3
https://tryhackme.com/room/dirtypipe	3
https://b.hatena.ne.jp/entry/s/knqyf263.hatenablog.com/entr...	3
https://reconshell.com/cve-2022-0847-dirtypipe-root-exploit	3
https://securelist.com/cve-2022-0847-aka-dirty-pipe-vulnera...	3
https://www.cybrary.it/course/exploitation-and-mitigation-d...	3
https://www.reddit.com/r/netsec/comments/tdtc2i/making_sens...	3
https://arstechnica.com/information-technology/2022/03/linu...	3
https://somoslibres.org/index.php/16-nieuws/seguridad/10935...	3
https://www.youtube.com/watch?v=af0PGYaqIWA	3
https://www.tarlogic.com/blog/dirty-pipe-vulnerability-cve-...	3
https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022...	3
https://www.codelivly.com/linux-privilege-escalation-dirtypipe	3
https://securityaffairs.co/wordpress/128780/hacking/dirty-p...	3
https://www.hackthebox.com/blog/Dirty-Pipe-Explained-CVE-20...	3
https://thestack.technology/dirty-pipe-exploited-linux-vuln...	3
https://www.marcolancini.it/2022/blog-cve-2022-0847-dirty-pipe	3
https://dirtypipe.cm4all.com	3
https://news.ycombinator.com/item?id=30917819	3
https://le-guide-du-secops.fr/2022/03/15/traitor-automatise...	3
https://www.hackingarticles.in/linux-privilege-escalation-d...	3
https://knqyf263.hatenablog.com/entry/2022/03/11/105130	3
https://research.trendmicro.com/3xskZTk	3
https://www.bleepingcomputer.com/news/security/new-linux-bu...	3
https://security.samsungmobile.com/securityUpdate.smsb	3
https://rssfeeds.cloudsite.builders/2022/03/09/dirtypipe-cv...	3

Information from Twitter

User	URL	Info Source	Date
reverseame	https://www.codelivly.com/linux-privilege-escalation-dirtypipe	Source reverseame 1633723555920658432	2023/03/09
decodebytes	https://twitter.com/decodebytes/status/1635972060647247872/...	Source decodebytes 1635972060647247872	2023/03/15
LeighGi66657535	https://twitter.com/LeighGi66657535/status/1642631264262844...	Source LeighGi66657535 1642631264262844418	2023/04/03
FortinetGuide	http://dlvr.it/SmKgQb	Source FortinetGuide 1645856042268635136	2023/04/12
WolfgangSesin	http://www.sesin.at	Source WolfgangSesin 1645955174530162690	2023/04/12
WolfgangSesin	https://www.sesin.at/2023/04/12/cve-2022-0847-on-linux-kernel/	Source WolfgangSesin 1645955174530162690	2023/04/12
www_sesin_at	http://www.sesin.at	Source www_sesin_at 1645955176618946561	2023/04/12
www_sesin_at	https://www.sesin.at/2023/04/12/cve-2022-0847-on-linux-kernel/	Source www_sesin_at 1645955176618946561	2023/04/12
root_angel01	https://tryhackme.com/room/dirtypipe	Source root_angel01 1646232711680471040	2023/04/13

List of frequently cited URLs

URL	Num of Times Referred to
alerts.vulmon.com	177
cvetrends.com	59
www.horizon3	51
twinybots.ch	29
cyberiqs.com	28
lists.astaro.com	17
thehackernews.com	12
redhuntlabs.com	9
www.helpnetsecurity.com	8
youtu.be	5
0x434b.dev	5
security-tracker.debian.org	5
haxx.in	4
lwn.net	4
opsmtrs.com	4
www.cisa.gov	4
pwning.systems	4
www.docker.com	4
www.horizon3.ai	4
blog.aquasec.com	4
cloud.google.com	4
access.redhat.com	4
securityonline.info	4
feeds.feedburner.com	4
ift.tt	3
github.com	3
sysdig.com	3
ubuntu.com	3
twitter.com	3
tryhackme.com	3
b.hatena.ne.jp	3
reconshell.com	3
securelist.com	3
www.cybrary.it	3
www.reddit.com	3
arstechnica.com	3
somoslibres.org	3
www.youtube.com	3
www.tarlogic.com	3
lolcads.github.io	3
www.codelivly.com	3
securityaffairs.co	3
www.hackthebox.com	3
thestack.technology	3
www.marcolancini.it	3
dirtypipe.cm4all.com	3
news.ycombinator.com	3
le-guide-du-secops.fr	3
www.hackingarticles.in	3
knqyf263.hatenablog.com	3
research.trendmicro.com	3
www.bleepingcomputer.com	3
security.samsungmobile.com	3
rssfeeds.cloudsite.builders	3

Information from Twitter

User	URL	Info Source
reverseame	codelivly.com	Show Tweet
decodebytes	twitter.com	Show Tweet
LeighGi66657535	twitter.com	Show Tweet
FortinetGuide	dlvr.it	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
root_angel01	tryhackme.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
Arinerron/CVE-2022-0847-DirtyPipe-Exploit	https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit
imfiver/CVE-2022-0847	https://github.com/imfiver/CVE-2022-0847
bbaranoff/CVE-2022-0847	https://github.com/bbaranoff/CVE-2022-0847
AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits	https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
febinrev/dirtypipez-exploit	https://github.com/febinrev/dirtypipez-exploit
antx-code/CVE-2022-0847	https://github.com/antx-code/CVE-2022-0847
Al1ex/CVE-2022-0847	https://github.com/Al1ex/CVE-2022-0847
ahrixia/CVE_2022_0847	https://github.com/ahrixia/CVE_2022_0847
DataDog/dirtypipe-container-breakout-poc	https://github.com/DataDog/dirtypipe-container-breakout-poc
basharkey/CVE-2022-0847-dirty-pipe-checker	https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker

GitHub Search Results: Up to 10

Name	URL
Arinerron/CVE-2022-0847-DirtyPipe-Exploit	github.com
imfiver/CVE-2022-0847	github.com
bbaranoff/CVE-2022-0847	github.com
AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits	github.com
febinrev/dirtypipez-exploit	github.com
antx-code/CVE-2022-0847	github.com
Al1ex/CVE-2022-0847	github.com
ahrixia/CVE_2022_0847	github.com
DataDog/dirtypipe-container-breakout-poc	github.com
basharkey/CVE-2022-0847-dirty-pipe-checker	github.com

2023/04/13 Score : 0
Added Har-sia Database : 2022/03/07
Last Modified : 2023/04/13
Highest Scored Date : 2022/03/08
Highest Score : 274