#VU61110 Use of uninitialized resource in Linux kernel


Published: 2022-03-08 | Updated: 2023-07-10

Vulnerability identifier: #VU61110

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0847

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://dirtypipe.cm4all.com/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Fortinet products update for Linux kernel
Multiple vulnerabilities in Juniper Networks Session Smart Router
Multiple vulnerabilities in OpenShift Virtualization 4.9
Privilege escalation in kata-containers
Privilege escalation in SonicWall SMA 1000
Multiple vulnerabilities in DELL Secure Connect Gateway Security
Multiple vulnerabilities in Siemens SCALANCE LPE9403
Multiple vulnerabilities in Dell EMC NetWorker vProxy
Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.3
Multiple vulnerabilities in Red Hat Virtualization