PT-2022-1364 · Linux+11 · Linux Kernel+11

Max Kellermann

·

Published

2016-10-19

·

Updated

2026-06-17

·

CVE-2022-0847

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.8 through 5.16.10 Linux kernel versions 5.15 through 5.15.24 Linux kernel versions 5.10 through 5.10.101
Description A flaw exists in the Linux kernel where the flags member of the new pipe buffer structure is not properly initialized within the copy page to iter pipe() and push pipe() functions, potentially containing stale values. This allows an unprivileged local user to write to pages in the page cache backed by read-only files. Exploitation can lead to privilege escalation, enabling attackers to overwrite arbitrary read-only files such as /etc/passwd, inject code from unprivileged processes into privileged ones, create unauthorized user accounts, or add SSH keys to the root account. This issue also affects Android devices based on the vulnerable kernel versions, where malicious applications can use it to elevate privileges. Real-world incidents have shown this flaw being used to escalate privileges followed by the use of Discord for command-and-control communications.
Recommendations Update Linux kernel to version 5.16.11 or newer. Update Linux kernel to version 5.15.25 or newer. Update Linux kernel to version 5.10.102 or newer.

Exploit

Fix

DoS

RCE

LPE

Improper Initialization

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2021_1093
ALSA-2021_2168
ALSA-2022:0825
ALSA-2022_0825
ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2016-2128
ALT-PU-2016-2139
ALT-PU-2016-2147
ALT-PU-2021-1447
ALT-PU-2021-1525
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1387
ALT-PU-2022-1388
ALT-PU-2022-1410
ALT-PU-2022-1411
ALT-PU-2022-1413
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2022-1432
ALT-PU-2022-1441
ALT-PU-2022-1456
ALT-PU-2022-1461
ALT-PU-2022-1462
ALT-PU-2022-1467
ALT-PU-2022-1531
ALT-PU-2022-1540
ASB-A-220741611
AZL-8900
BDU:2022-01166
CESA-2016_2098
CESA-2016_2105
CESA-2022_0819
CESA-2022_0825
CVE-2022-0847
DSA-3696-1
DSA-5092-1
ELSA-2016-2098
ELSA-2016-2105
ELSA-2016-3632
ELSA-2016-3633
ELSA-2016-3634
ELSA-2022-0825
ELSA-2022-9210
ELSA-2022-9211
ELSA-2022-9212
ELSA-2022-9213
ELSA-2022-9244
ELSA-2022-9245
ELSA-2022-9313
ELSA-2022-9314
MGASA-2022-0092
MGASA-2022-0095
OPENSUSE-SU-2016_2583-1
OPENSUSE-SU-2016_2584-1
OPENSUSE-SU-2016_2625-1
OPENSUSE-SU-2020_0554-1
OPENSUSE-SU-2022:0755-1
OPENSUSE-SU-2022:0760-1
OPENSUSE-SU-2022:0768-1
OPENSUSE-SU-2022_0755-1
OPENSUSE-SU-2022_0760-1
OPENSUSE-SU-2024:11910-1
OPENSUSE-SU-2024:13704-1
RHSA-2016_2098
RHSA-2016_2105
RHSA-2016_2110
RHSA-2016_2124
RHSA-2017_0372
RHSA-2022:0819
RHSA-2022:0820
RHSA-2022:0821
RHSA-2022:0822
RHSA-2022:0823
RHSA-2022:0825
RHSA-2022:0831
RHSA-2022:0841
RHSA-2022_0819
RHSA-2022_0825
RLSA-2022:0819
RLSA-2022:0825
RLSA-2022_0819
RLSA-2022_0825
SUSE-SU-2022:0755-1
SUSE-SU-2022:0757-1
SUSE-SU-2022:0759-1
SUSE-SU-2022:0760-1
SUSE-SU-2022:0761-1
SUSE-SU-2022:0763-1
SUSE-SU-2022:0764-1
SUSE-SU-2022:0765-1
SUSE-SU-2022:0766-1
SUSE-SU-2022:0767-1
SUSE-SU-2022:0768-1
SUSE-SU-2022_0755-1
SUSE-SU-2022_0757-1
SUSE-SU-2022_0759-1
SUSE-SU-2022_0760-1
USN-3105-1
USN-3106-1
USN-3106-2
USN-5317-1
USN-5362-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node