Vulnerability Name:

CVE-2022-0847 (CCN-221112)

Assigned:2022-03-07
Published:2022-03-07
Updated:2022-12-09
Summary:A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-281
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-0847

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: CM4all Web site
The Dirty Pipe Vulnerability

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20220847-priv-esc(221112)

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Source: CCN
Type: Packet Storm Security [03-08-2022]
Dirty Pipe Linux Privilege Escalation

Source: CCN
Type: Packet Storm Security [03-08-2022]
Dirty Pipe SUID Binary Hijack Privilege Escalation

Source: CCN
Type: Packet Storm Security [03-10-2022]
Dirty Pipe Local Privilege Escalation

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Mon, 7 Mar 2022 13:01:19 +0100
CVE-2022-0847: Linux kernel: overwriting read-only files

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-08-2022]

Source: CCN
Type: IBM Security Bulletin 6596971 (Spectrum Protect Plus)
Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.10:-:*:*:*:*:*:*
  • OR cpe:/a:linux:linux_kernel:5.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    		kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    		reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    		kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3398
    P
    		wpa_supplicant-2.6-15.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3448
    P
    		busybox-1.21.1-3.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3453
    P
    		clamav-0.101.3-1.19 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3567
    P
    		libXtst6-1.2.2-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95083
    P
    		kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94590
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95197
    P
    		kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95028
    P
    		kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2960
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95078
    P
    		reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:6183
    P
    		Security update for the Linux Kernel (Important)
    2022-04-07
    oval:com.redhat.rhsa:def:20220819
    P
    		RHSA-2022:0819: kernel-rt security and bug fix update (Important)
    2022-03-10
    oval:com.redhat.rhsa:def:20220825
    P
    		RHSA-2022:0825: kernel security, bug fix, and enhancement update (Important)
    2022-03-10
    oval:org.opensuse.security:def:1601
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:118441
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:4702
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:42354
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:6184
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:4741
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:6361
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:42210
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:5361
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:102158
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:4306
    P
    		Security update for the Linux Kernel (Important)
    2022-03-09
    oval:org.opensuse.security:def:119699
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:102311
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:100763
    P
    		 (Important)
    2022-03-08
    oval:org.opensuse.security:def:126975
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:1243
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:119137
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:102026
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:99758
    P
    		 (Important)
    2022-03-08
    oval:org.opensuse.security:def:42209
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:1759
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:125121
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:102360
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:118660
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:101656
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:127373
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:1446
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:119331
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:102126
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:100091
    P
    		 (Important)
    2022-03-08
    oval:org.opensuse.security:def:1816
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:125406
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:964
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:118836
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:101856
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:99222
    P
    		 (Important)
    2022-03-08
    oval:org.opensuse.security:def:1565
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:119514
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:118267
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:100429
    P
    		 (Important)
    2022-03-08
    oval:org.opensuse.security:def:42353
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:125812
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:1194
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:119026
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:101896
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:org.opensuse.security:def:99496
    P
    		 (Important)
    2022-03-08
    BACK
    linux linux kernel 5.10 -
    linux linux kernel 5.15 -
    linux linux kernel 5.16 -
    ibm spectrum protect plus 10.1.0