PT-2022-1364 · Linux+11 · Linux Kernel+11
Max Kellermann · Published 2016-10-19 · Updated 2026-05-16 · CVE-2022-0847
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.8 through 5.16.10
Linux kernel versions 5.10 through 5.10.101
Linux kernel versions 5.15 through 5.15.24
Android (affected versions not specified)
Description
A flaw exists in the Linux kernel where the flags member of the new pipe buffer structure is not properly initialized within the copy_page_to_iter_pipe() and push_pipe() functions. This lack of initialization can lead to the presence of stale values, allowing an unprivileged local user to write to pages in the page cache that are backed by read-only files. This can be exploited to overwrite arbitrary data in read-only files, such as /etc/passwd, inject code from unprivileged processes into privileged ones, and escalate privileges to root. On Android devices, this can be leveraged by malicious applications to elevate their restricted privileges. Real-world incidents have shown this issue being used to escalate privileges and establish command-and-control communications via Discord.
Recommendations
Update to version 5.16.11, 5.15.25, or 5.10.102.
Apply the security updates released on February 24 for the Android kernel.
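The affected ranges and fixed releases listed above can be checked against a host's kernel release string. The shell function below is an added example, not part of the original advisory; the name dirtypipe_check and its status words are assumptions made here, and a distribution kernel that backports the fix without changing the upstream version number is still reported as affected.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the version ranges
# listed in this advisory. Prints one of: affected, fixed, not-listed, unknown.
# Caveat: vendor kernels may carry a backported fix under an older upstream
# version number, so "affected" means "confirm against the vendor advisory".
dirtypipe_check() {
    dp_rel=${1:-$(uname -r)}
    dp_base=${dp_rel%%[!0-9.]*}          # 5.10.101-generic -> 5.10.101
    dp_major=${dp_base%%.*}
    dp_rest=${dp_base#*.}
    if [ "$dp_rest" = "$dp_base" ]; then echo unknown; return 0; fi
    dp_minor=${dp_rest%%.*}
    dp_patch=${dp_rest#*.}
    if [ "$dp_patch" = "$dp_rest" ]; then dp_patch=0; fi   # "5.8" -> 5.8.0
    dp_patch=${dp_patch%%.*}
    # Reject anything that did not parse into three plain numbers.
    for dp_v in "$dp_major" "$dp_minor" "$dp_patch"; do
        case $dp_v in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    # The page lists only 5.8 through 5.16.x as affected.
    if [ "$dp_major" -ne 5 ] || [ "$dp_minor" -lt 8 ] || [ "$dp_minor" -gt 16 ]; then
        echo not-listed; return 0
    fi
    # Fixed releases named in the recommendations: 5.10.102, 5.15.25, 5.16.11.
    case $dp_minor in
        10) dp_fixed=102 ;;
        15) dp_fixed=25 ;;
        16) dp_fixed=11 ;;
        *)  echo affected; return 0 ;;   # no fixed release listed for this branch
    esac
    if [ "$dp_patch" -ge "$dp_fixed" ]; then echo fixed; else echo affected; fi
}
```

Called with no argument, dirtypipe_check classifies the running kernel as reported by uname -r.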
Exploit
Fix
LPE
RCE
Improper Preservation of Permissions
Improper Initialization
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node