Dirty Pipe (CVE-2022-0847)
What is Dirty Pipe (CVE-2022-0847)?
A Linux kernel flaw that lets an unprivileged process overwrite the contents of arbitrary read-only files, including SUID binaries, leading to root.
Dirty Pipe is a vulnerability in the Linux kernel pipe subsystem disclosed by Max Kellermann in March 2022 and tracked as CVE-2022-0847. It affects kernels 5.8 and later, including widely deployed Debian, Ubuntu and Android builds. The bug stems from pipe buffer flags being left uninitialized, so a stale PIPE_BUF_FLAG_CAN_MERGE flag allows page cache pages that were spliced into a pipe to be overwritten in place, even when the underlying file is read-only or owned by root. Working exploits include modifying /etc/passwd or hijacking SUID binaries such as su to gain root. The mitigation is upgrading to a patched kernel.
● Examples
- An attacker overwrites the root password hash in /etc/passwd to gain a root shell.
- A malicious app on an Android phone uses Dirty Pipe to overwrite a privileged system file.
● Frequently asked questions
What is Dirty Pipe (CVE-2022-0847)?
A Linux kernel flaw that lets an unprivileged process overwrite the contents of arbitrary read-only files, including SUID binaries, leading to root. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against Dirty Pipe (CVE-2022-0847)?
The primary defence against Dirty Pipe (CVE-2022-0847) is upgrading affected systems (kernel 5.8 and later) to a patched kernel, as stated in the definition above.
What are other names for Dirty Pipe (CVE-2022-0847)?
Common alternative names include: CVE-2022-0847.
● Related terms
- Privilege Escalation (vulnerabilities): A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.
- PwnKit (CVE-2021-4034) (vulnerabilities): A local privilege-escalation vulnerability in the Polkit pkexec utility that lets any unprivileged user gain root on most Linux distributions.