Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2022-0847
PUBLISHED
- Vendor: Linux
- Product: kernel
- Published: Mar 07, 2022
- EPSS: —
Description
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2022-04-25 00:00:00 UTC · Source
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2060795
- https://dirtypipe.cm4all.com/
- http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
- https://www.suse.com/support/kb/doc/?id=000020603
- https://security.netapp.com/advisory/ntap-20220325-0005/
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 25, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-07-06 01:31:01 UTC · 8 stars
An eBPF program to detect attacks on CVE-2022-0847
github · Created 2023-04-26 13:37:14 UTC · 2 stars
A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes.
github · Created 2023-01-24 08:44:32 UTC · 2 stars
Dirty Pipe Linux Kernel 1-Day Exploit
github · Created 2023-01-04 12:17:12 UTC · 0 stars
github · Created 2022-08-18 03:06:15 UTC · 5 stars
CVE-2022-0847 (Dirty Pipe) used to achieve container escape
github · Created 2022-08-13 16:58:40 UTC · 2 stars
Dirtypipe script modified to auto-root without having to search for a file manually to hijack a SUID binary.
github · Created 2022-08-01 14:14:40 UTC · 2 stars
COMPILED
github · Created 2022-06-04 08:31:32 UTC · 32 stars
CVE-2022-0847 (Dirty Pipe) used to achieve container escape
github · Created 2022-05-17 04:23:34 UTC · 2 stars
This repository is developed to analyze and understand the DirtyPipe exploit CVE-2022-0847
github · Created 2022-03-22 03:17:51 UTC · 2 stars
Dirty Pipe - CVE-2022-0847
github · Created 2022-03-18 22:51:02 UTC · 8 stars
Hacked up Dirty Pipe (CVE-2022-0847) PoC that hijacks a SUID binary to spawn a root shell. (and attempts to restore the damaged binary as well)
github · Created 2022-03-15 11:25:19 UTC · 4 stars
Python script to check if your kernel is vulnerable to Dirty pipe CVE-2022-0847
github · Created 2022-03-13 05:51:06 UTC · 3 stars
CVE-2022-0847 (Dirty Pipe) is an arbitrary file overwrite vulnerability that allows escalation of privileges by modifying or overwriting arbitrary read-only files e.g. /etc/passwd, /etc/shadow.
github · Created 2022-03-12 20:57:24 UTC · 597 stars
A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
github · Created 2022-03-12 11:31:46 UTC · 6 stars
my personal exploit of CVE-2022-0847(dirty pipe)
github · Created 2022-03-10 01:27:29 UTC · 25 stars
CVE-2022-0847 POC and Docker and Analysis write up
github · Created 2022-03-09 05:22:20 UTC · 7 stars
github · Created 2022-03-09 01:55:04 UTC · 2 stars
A “Dirty Pipe” vulnerability with CVE-2022-0847 and a CVSS score of 7.8 has been identified, affecting Linux Kernel 5.8 and higher. The vulnerability allows attackers to overwrite data in read-only files. Threat actors can exploit this vulnerability to privilege themselves with code injection.
github · Created 2022-03-08 17:13:24 UTC · 67 stars
Bash script to check for CVE-2022-0847 "Dirty Pipe"
github · Created 2022-03-08 14:46:21 UTC · 2 stars
github · Created 2022-03-08 13:48:55 UTC · 47 stars
The Dirty Pipe Vulnerability
github · Created 2022-03-08 10:40:07 UTC · 1 stars
An exploit for CVE-2022-0847 dirty-pipe vulnerability
github · Created 2022-03-08 09:10:51 UTC · 58 stars
Linux Kernel Local Privilege Escalation Vulnerability CVE-2022-0847.
github · Created 2022-03-08 01:17:09 UTC · 1 stars
github · Created 2022-03-07 18:55:20 UTC · 1099 stars
A root exploit for CVE-2022-0847 (Dirty Pipe)
github · Created 2022-03-07 18:36:50 UTC · 280 stars
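CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 is a local privilege escalation vulnerability present in Linux kernel 5.8 and later. By exploiting this vulnerability, an attacker can overwrite data in arbitrary readable files, thereby elevating an ordinary user to privileged root. The principle behind CVE-2022-0847 is similar to that of CVE-2016-5195 (Dirty Cow), but it is easier to exploit. The vulnerability's author named it "Dirty Pipe".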
github · Created 2022-03-07 17:51:02 UTC · 9 stars
Vulnerability in the Linux kernel since 5.8
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit