PT-2022-1364 · Linux+11 · Linux Kernel+11
Max Kellermann
·
Published
2016-10-19
·
Updated
2026-06-17
·
CVE-2022-0847
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.8 through 5.16.10
Linux kernel versions 5.15 through 5.15.24
Linux kernel versions 5.10 through 5.10.101
Description
A flaw exists in the Linux kernel where the
flags member of the new pipe buffer structure is not properly initialized within the copy page to iter pipe() and push pipe() functions, potentially containing stale values. This allows an unprivileged local user to write to pages in the page cache backed by read-only files. Exploitation can lead to privilege escalation, enabling attackers to overwrite arbitrary read-only files such as /etc/passwd, inject code from unprivileged processes into privileged ones, create unauthorized user accounts, or add SSH keys to the root account. This issue also affects Android devices based on the vulnerable kernel versions, where malicious applications can use it to elevate privileges. Real-world incidents have shown this flaw being used to escalate privileges followed by the use of Discord for command-and-control communications.Recommendations
Update Linux kernel to version 5.16.11 or newer.
Update Linux kernel to version 5.15.25 or newer.
Update Linux kernel to version 5.10.102 or newer.
Exploit
Fix
DoS
RCE
LPE
Improper Initialization
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node