CVE-2022-0847

Опубликовано: 10 мар. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Высокий

Описание

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Ссылки

http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2060795
Issue Tracking
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
Third Party Advisory
https://dirtypipe.cm4all.com/
Exploit
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220325-0005/
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020603
Third Party Advisory
http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2060795
Issue Tracking
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
Third Party Advisory
https://dirtypipe.cm4all.com/
Exploit
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220325-0005/
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020603
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.8 (включая) до 5.10.102 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.15 (включая) до 5.15.25 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 5.16.11 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 6

cpe:2.3:a:ovirt:ovirt-engine:4.4.10.2:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

Версия до 2.0 (исключая)

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:sonicwall:sma1000_firmware:*:*:*:*:*:*:*:*

Версия до 12.4.2-02044 (включая)

cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.85239

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-665

Связанные уязвимости

CVE-2022-0847

CVSS3: 7.8

ubuntu

больше 3 лет назад

CVE-2022-0847

CVSS3: 7.8

redhat

больше 3 лет назад

CVE-2022-0847

CVSS3: 7.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2022-0847

CVSS3: 7.8

debian

больше 3 лет назад

A flaw was found in the way the "flags" member of the new pipe buffer ...

ELSA-2022-9213

oracle-oval

больше 3 лет назад

ELSA-2022-9213: Unbreakable Enterprise kernel-container security update (IMPORTANT)

EPSS

Процентиль: 99%

0.85239

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-665