CVE-2022-0847

HIGH

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 3/10/2022Modified: 11/6/2025

Related Intelligence (2)

CRITICALVulnerability

New ‘Dirty Frag’ exploit targets Linux kernel for root access

A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistingu

CVE-2026-43284CVE-2026-43500
CSO Online
CRITICALSupply Chain

‘Trivial’ exploit can give attackers root access to Linux kernel

CSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017. Until fixes are available for what’s been dubbed the Copy Fail logic bug ( CVE-2026-31431 ), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich , dea

CVE-2026-31431CVE-2016-5195
CSO Online

References (21)

http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.htmlThird Party AdvisoryVDB Entryhttps://bugzilla.redhat.com/show_bug.cgi?id=2060795Issue TrackingPatchhttps://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdfThird Party Advisoryhttps://dirtypipe.cm4all.com/ExploitThird Party Advisoryhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015Third Party Advisoryhttps://security.netapp.com/advisory/ntap-20220325-0005/Third Party Advisoryhttps://www.suse.com/support/kb/doc/?id=000020603Third Party Advisoryhttp://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.htmlExploitThird Party Advisoryhttp://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.htmlThird Party AdvisoryVDB Entryhttps://bugzilla.redhat.com/show_bug.cgi?id=2060795Issue TrackingPatchhttps://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdfThird Party Advisoryhttps://dirtypipe.cm4all.com/ExploitThird Party Advisoryhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015Third Party Advisoryhttps://security.netapp.com/advisory/ntap-20220325-0005/Third Party Advisoryhttps://www.suse.com/support/kb/doc/?id=000020603Third Party Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0847US Government Resource