VDB
DEBIAN-CVE-2022-0847
DEBIAN-CVE-2022-0847
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.84-1, 5.10.46-5, 0 |
| Debian:12 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
| Debian:14 | linux | 0, 0, 0 |
Exploit Intelligence
- Working Dirty Pipe (CVE-2022-0847) exploit tool with root access and file overwrites. (github-poc-repo)
- Working Dirty Pipe (CVE-2022-0847) exploit tool with root access and file overwrites. (github-poc)
- t1ckprivate/CVE-2022-0847-Dirty-Pipe (github-poc)
- CVE-2022-0847 used to achieve container escape 利用CVE-2022-0847 (Dirty Pipe) 实现容器逃逸 (github-poc)
- t1ckprivate/CVE-2022-0847-Dirty-Pipe (github-poc-repo)
- CVE-2022-0847 used to achieve container escape 利用CVE-2022-0847 (Dirty Pipe) 实现容器逃逸 (github-poc-repo)
- CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞,可覆盖重写任意可读文件中的数据,从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞(Dirty Cow),但它更容易被利用。漏洞作者将此漏洞命名为“Dirty Pipe” (github-poc-repo)
- orsuprasad/CVE-2022-0847-DirtyPipe-Exploits (github-poc-repo)
- A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes. (github-poc-repo)
- check cve-2022-0847 (github-poc-repo)
…and 161 more exploits
Timeline
- Mar 10, 2022 CVE Published
- Apr 28, 2026 CVE Updated