QID 376451

Date Published: 2022-03-09

QID 376451: Linux Kernel Local Privilege Escalation Vulnerability (DirtyPipe)

The Linux Kernel is prone to a local privilege escalation vulnerability caused because of a flaw in the handling of pipe buffer flags..

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Affected Versions:
Linux kernel versions 5.8 prior to 5.17

Fixed Versions:
Linux Kernel 5.16.11, 5.15.25 and 5.10.102

QID Detection Logic:
This authenticated QID works by getting the version of the Linux Kernel with the following command: uname -rs

Successful exploitation of this vulnerability could allow an attacker to perform malicious actions with elevated privileges

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as High - 7.2 severity.
    • Solution
    Customers can upgrade to latest kernel versions using kernel
    Vendor References

    CVEs related to QID 376451

    CVE-2022-0847 |
    Software Advisories
    Advisory ID Software Component Link
    Linux Kernel URL Logo git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/refs/?id=9d2231c5d74e13b2a0546fee6737ee4446017903
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].