CVE-2022-0847
In short
A Linux kernel flaw allows unprivileged users to write to read-only files through uninitialized memory in pipe functions, enabling privilege escalation on affected systems.
Technical detail
The vulnerability exists in the copy_page_to_iter_pipe and push_pipe functions, where the 'flags' member of the pipe buffer structure is not properly initialized and can therefore retain stale values. An unprivileged local attacker can exploit this to write arbitrary data to page cache pages backed by read-only files, bypassing access controls and escalating privileges.
Summary generated and translated by AI from the official description.
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · kernel
Public PoCs found — 117
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html
https://bugzilla.redhat.com/show_bug.cgi?id=2060795
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
https://dirtypipe.cm4all.com/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
https://security.netapp.com/advisory/ntap-20220325-0005/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0847
https://www.suse.com/support/kb/doc/?id=000020603