Linux Kernel privilege escalation | CVE-2022-0847
NAME
Linux Kernel privilege escalation
- Platforms Affected:
Linux Kernel 5.10
Linux Kernel 5.15
Linux Kernel 5.16 - Risk Level:
7.8 - Exploitability:
Proof of Concept - Consequences:
Gain Privileges
DESCRIPTION
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization in the copy_page_to_iter_pipe and push_pipe functions. By writing to pages in the page cache backed by read only files, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Linux Kernel (5.10.102, 5.15.25, 5.16.11 or later), available from the Linux Kernel Web site. See References.
- Reference Link:
https://seclists.org/oss-sec/2022/q1/170 - Reference Link:
https://dirtypipe.cm4all.com/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
