• Home
  • |
  • Blog
  • |
  • How To Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847
How to Fix The Dirty Pipe Vulnerability in Linux Kernel- CVE-2022-0847

Max Kellermann, a developer from IONOS software, has identified a vulnerability in the Linux Kernel that allows overwriting data in arbitrary read-only files. The vulnerability has been tracked under the CVE ID CVE-2022-0847, with a CVSS score of 7.8 that enables attackers to perform privilege escalation by overwriting data in arbitrary read-only files. Attackers can abuse this overwrite flaw to escalate privileges and inject code from unprivileged processes to privileged processes. It is highly important for all Linux users to quickly address this vulnerability. Please read this post that helps you know how to fix the dirty pipe vulnerability in the Linux kernel.

Pipeline In Unix/Linux:

In Linux, Pipeline is an inter-process communication mechanism that takes the output of the first process and passes that to the second process as its input.

Summary Of CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:

The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which overwrites any file contents in the page cache even if the file is not permitted to be written, immutable, or on a read-only mount, including CD-ROM mounts. That is because the page cache is always writable by the kernel, and writing to a pipe never checks any permissions. This enables attackers to perform privilege escalation by overwriting data in arbitrary read-only files and injecting code from unprivileged processes to privileged processes. Read comprehensive technical details from here.

Associated CVE IDCVE-2022-0847
DescriptionA vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. 
Associated ZDI ID
CVSS Score7.8 High
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Local
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Kernel Version Affected By CVE-2022-0847- The Dirty Pipe Vulnerability In Linux Kernel:

The vulnerability exists in kernel versions starting from v5.8 all the way up to 5.15. We recommend all Linux admins and users check the version of the kernel your machine is currently running on. You can use this simple command to check the version of the kernel.

How to Fix CVE-2022-0847 on Ubuntu?

Note: Before you download and install it on your production server, we recommend testing this on a test machine. Don’t forget to take the full VM snapshot if are upgrading the kernel on a Virtual Image. Or, take filesystem back up if you have a physical server.

  1. Check the kernel version

    Before you start upgradation, check the version of the kernel your server has. What if the kernel version is not in the list of affected versions, If so, you can schedule this later as per your time.

    Run this command to check the kernel version.

    $ uname -rs

    Check the kernel version

  2. Download kernel modules 5.17

    Download the kernel packages directly from the kernel.ubuntu.com website. Download the latest version available (At the bottom) from the website to a dedicated directory. Change the permission of the files to execute.

    Create a directory in your path:

    $ mkdir /home/arunkl/kernel-5.17

    Change the directory:

    $ cd /home/arunkl/kernel-5.17/

    Download these two files (where X.Y.Z is the highest version):

    1. linux-image-*X.Y.Z*-generic-*.deb
    2. linux-modules-X.Y.Z*-generic-*.deb


    Commands to download the kernel v5.17

    $ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-image-unsigned-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb


    $ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-modules-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb


    Run this command to set the files permission to execution mode:

    $ chmod +x *.deb

    Download kernel modules 5.17

  3. Install kernel module 5.17

    Install the downloaded packages using the default dpkg utility then reboot the server.

    $ sudo dpkg –install *.deb
    $ reboot

    Install kernel module 5.17

  4. Check the kernel version after reboot

    Use the same command used in the first step. You will see an upgraded kernel version if everything goes well.

    $ uname -rs

    Check the kernel version after reboot

We hope this post will help you in knowing How to Fix The Dirty Pipe Vulnerability in Linux Kernel- CVE-2022-0847. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.