Privilege escalation in kata-containers

Published: 2022-08-18 | Updated: 2022-12-22
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-0847
Exploitation vector: Local
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software: Kata Containers (Server applications / Virtualization software)

Vendor: Kata Containers

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of uninitialized resource

EUVDB-ID: #VU61110

Risk: Low


CVE-ID: CVE-2022-0847

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: Yes


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use of an uninitialized resource. A local user can overwrite an arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.


Install the update from the vendor's website.

Vulnerable software versions

Kata Containers: 2.0.0 - 2.4.3
