CVE-2022-0847

CVE Database · CVE-2022-0847

CVE-2022-0847

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

89.06%

Published

Mar 10, 2022

Modified

Nov 6, 2025

CISA Known Exploited Vulnerability

Added: 2022-04-25 · Due: 2022-05-16

Apply updates per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

Exploit-DBLinux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)TrickestTrickest PoC index GitHub PoCArinerron/CVE-2022-0847-DirtyPipe-Exploit★1127 GitHub PoCAlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits★721 GitHub PoCr1is/CVE-2022-0847★281 GitHub PoCAl1ex/CVE-2022-0847★90 GitHub PoCDataDog/dirtypipe-container-breakout-poc★77 GitHub PoCbasharkey/CVE-2022-0847-dirty-pipe-checker★69 GitHub PoCZZ-SOCMAP/CVE-2022-0847★58 GitHub PoCbbaranoff/CVE-2022-0847★50

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-665CWE-665

Affected Products (59)

linux · linux_kernel (up to 5.10.102)vulnerable

linux · linux_kernel (up to 5.15.25)vulnerable

linux · linux_kernel (up to 5.16.11)vulnerable

fedoraproject · fedoravulnerable

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_eusvulnerable

redhat · enterprise_linux_for_ibm_z_systemsvulnerable

redhat · enterprise_linux_for_ibm_z_systems_eusvulnerable

References (20)

http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs

redhat · enterprise_linux_for_ibm_z_systems_eus

redhat · enterprise_linux_for_power_little_endianvulnerable

redhat · enterprise_linux_for_power_little_endian_eusvulnerable

redhat · enterprise_linux_for_real_timevulnerable

redhat · enterprise_linux_for_real_time_for_nfvvulnerable

redhat · enterprise_linux_for_real_time_for_nfv_tusvulnerable

redhat · enterprise_linux_for_real_time_tusvulnerable

redhat · enterprise_linux_server_ausvulnerable

redhat · enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsvulnerable

redhat · enterprise_linux_server_tusvulnerable

redhat · enterprise_linux_server_update_services_for_sap_solutionsvulnerable

redhat · codeready_linux_buildervulnerable

redhat · enterprise_linux

redhat · enterprise_linux_eus

redhat · enterprise_linux_for_power_little_endian

redhat · enterprise_linux_for_power_little_endian_eus

redhat · virtualization_hostvulnerable

redhat · enterprise_linux

ovirt · ovirt-enginevulnerable

netapp · h300s_firmwarevulnerable

netapp · h500s_firmwarevulnerable

netapp · h700s_firmwarevulnerable

netapp · h300e_firmwarevulnerable

netapp · h500e_firmwarevulnerable

netapp · h700e_firmwarevulnerable

Issue TrackingPatchThird Party Advisory

https://dirtypipe.cm4all.com/

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2060795

Issue TrackingPatchThird Party Advisory

https://dirtypipe.cm4all.com/

ExploitThird Party Advisory