Back to KEVs

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 03, 2022
Published Date: March 07, 2022
Last Updated: February 04, 2025
Vendor: n/a
Product: kernel
Description: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-04-25 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2022-08-01 14:14:40 UTC) Source

References

https://bugzilla.redhat.com/show_bug.cgi?id=2060795 https://dirtypipe.cm4all.com/ http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html https://www.suse.com/support/kb/doc/?id=000020603 https://security.netapp.com/advisory/ntap-20220325-0005/ https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015 http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-04-25 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb	2025-04-29 11:01:17 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

cve_2022_0847_dirtypipe

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-0847

h4ckm310n/CVE-2022-0847-eBPF

Type: github • Created: 2023-07-06 01:31:01 UTC • Stars: 8

An eBPF program to detect attacks on CVE-2022-0847

JlSakuya/CVE-2022-0847-container-escape

Type: github • Created: 2023-04-26 13:37:14 UTC • Stars: 2

A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes.

mutur4/CVE-2022-0847

Type: github • Created: 2023-01-24 08:44:32 UTC • Stars: 2

Drity Pipe Linux Kernel 1-Day Exploit

ajith737/Dirty-Pipe-CVE-2022-0847-POCs

Type: github • Created: 2023-01-04 12:17:12 UTC • Stars: 0

yoeelingBin/CVE-2022-0847-Container-Escape

Type: github • Created: 2022-08-18 03:06:15 UTC • Stars: 5

CVE-2022-0847 used to achieve container escape 利用CVE-2022-0847 (Dirty Pipe) 实现容器逃逸

EagleTube/CVE-2022-0847

Type: github • Created: 2022-08-13 16:58:40 UTC • Stars: 2

Modified dirtypipe script into auto root without have to search a file manually to hijack suid binary.

eduquintanilha/CVE-2022-0847-DirtyPipe-Exploits

Type: github • Created: 2022-08-01 14:14:40 UTC • Stars: 2

COMPILED

greenhandatsjtu/CVE-2022-0847-Container-Escape

Type: github • Created: 2022-06-04 08:31:32 UTC • Stars: 32

CVE-2022-0847 used to achieve container escape 利用CVE-2022-0847 (Dirty Pipe) 实现容器逃逸

VinuKalana/DirtyPipe-CVE-2022-0847

Type: github • Created: 2022-05-17 04:23:34 UTC • Stars: 2

This repository is developed to analysis and understand DirtyPipe exploit CVE-2022-0847

tmoneypenny/CVE-2022-0847

Type: github • Created: 2022-03-22 03:17:51 UTC • Stars: 2

Dirty Pipe - CVE-2022-0847

LudovicPatho/CVE-2022-0847_dirty-pipe

Type: github • Created: 2022-03-18 22:51:02 UTC • Stars: 8

Hacked up Dirty Pipe (CVE-2022-0847) PoC that hijacks a SUID binary to spawn a root shell. (and attempts to restore the damaged binary as well)

MrP1xel/CVE-2022-0847-dirty-pipe-kernel-checker

Type: github • Created: 2022-03-15 11:25:19 UTC • Stars: 4

Python script to check if your kernel is vulnerable to Dirty pipe CVE-2022-0847

CYB3RK1D/CVE-2022-0847-POC

Type: github • Created: 2022-03-14 13:21:25 UTC • Stars: 2

dirtypipe

sa-infinity8888/Dirty-Pipe-CVE-2022-0847

Type: github • Created: 2022-03-13 05:51:06 UTC • Stars: 3

CVE-2022-0847 (Dirty Pipe) is an arbitrary file overwrite vulnerability that allows escalation of privileges by modifying or overwriting arbitrary read-only files e.g. /etc/passwd, /etc/shadow.

AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits

Type: github • Created: 2022-03-12 20:57:24 UTC • Stars: 597

A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.

arttnba3/CVE-2022-0847

Type: github • Created: 2022-03-12 11:31:46 UTC • Stars: 6

my personal exploit of CVE-2022-0847(dirty pipe)

chenaotian/CVE-2022-0847

Type: github • Created: 2022-03-10 01:27:29 UTC • Stars: 25

CVE-2022-0847 POC and Docker and Analysis write up

gyaansastra/CVE-2022-0847

Type: github • Created: 2022-03-09 15:44:58 UTC • Stars: 2

Dirty Pipe POC

Mustafa1986/CVE-2022-0847-DirtyPipe-Exploit

Type: github • Created: 2022-03-09 05:22:20 UTC • Stars: 7

Al1ex/CVE-2022-0847

Type: github • Created: 2022-03-09 02:47:08 UTC • Stars: 80

CVE-2022-0847

dadhee/CVE-2022-0847_DirtyPipeExploit

Type: github • Created: 2022-03-09 01:55:04 UTC • Stars: 2

A “Dirty Pipe” vulnerability with CVE-2022-0847 and a CVSS score of 7.8 has been identified, affecting Linux Kernel 5.8 and higher. The vulnerability allows attackers to overwrite data in read-only files. Threat actors can exploit this vulnerability to privilege themselves with code injection.