CISA KEV Information
| Vulnerability name | Linux Kernel Privilege Escalation Vulnerability |
|---|---|
| Description | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-665 |
| Date added (KEV) | 2022-04-25 |
| Due date | 2022-05-16 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2022-0847 |
NVD Details
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CWE: CWE-665
References
- http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html [Third Party Advisory, VDB Entry]
- https://bugzilla.redhat.com/show_bug.cgi?id=2060795 [Issue Tracking, Patch, Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf [Third Party Advisory]
- https://dirtypipe.cm4all.com/ [Exploit, Third Party Advisory]
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015 [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20220325-0005/ [Third Party Advisory]
- https://www.suse.com/support/kb/doc/?id=000020603 [Third Party Advisory]
- ... and 6 more
This product uses the NVD API but is not endorsed or certified by the NVD.