CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847

githubexploit 68

nessus 43

oraclelinux 7

cve 1

openvas 16

redhat 8

attackerkb 1

redos 1

rapid7blog 4

trendmicroblog 1

redhatcve 1

hivepro 1

prion 1

osv 6

packetstorm 1

f5 1

zdt 4

thn 4

checkpoint_advisories 1

fortinet 1

securelist 1

ubuntucve 1

metasploit 1

cisa_kev 1

debiancve 1

cbl_mariner 1

exploitdb 1

photon 3

malwarebytes 1

threatpost 2

rocky 4

mageia 2

trellix 2

ubuntu 1

suse 2

slackware 1

almalinux 1

debian 1

ics 1

githubexploit

Exploit for Improper Initialization in Linux Linux Kernel

2022-03-14 03:58:21

Exploit for Improper Initialization in Linux Linux Kernel

2022-03-15 08:54:38

Exploit for Improper Initialization in Linux Linux Kernel

2022-12-21 16:34:18

nessus

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9213)

2022-03-10 00:00:00

Siemens SCALANCE LPE940 Improper Preservation of Permissions (CVE-2022-0847)

2023-04-11 00:00:00

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9210)

2022-03-11 00:00:00

oraclelinux

Unbreakable Enterprise kernel-container security update

2022-03-10 00:00:00

Unbreakable Enterprise kernel-container security update

2022-03-10 00:00:00

Unbreakable Enterprise kernel security update

2022-03-10 00:00:00

cve

CVE-2022-0847

2022-03-10 17:44:00

openvas

QNAP QuTScloud Privilege Escalation Vulnerability (QSA-22-05)

2022-05-30 00:00:00

QNAP QuTS hero Privilege Escalation Vulnerability (QSA-22-05)

2022-05-30 00:00:00

QNAP QTS Privilege Escalation Vulnerability (QSA-22-05)

2022-03-22 00:00:00

redhat

(RHSA-2022:0831) Important: kernel security update

2022-03-10 14:47:58

(RHSA-2022:0822) Important: kernel-rt security update

2022-03-10 14:40:36

(RHSA-2022:0820) Important: kernel security, bug fix, and enhancement update

2022-03-10 14:39:03

attackerkb

CVE-2022-0847

2022-03-10 00:00:00

redos

ROS-20220314-02

2022-03-14 00:00:00

rapid7blog

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

2022-03-09 22:25:34

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

2022-05-09 17:57:00

Metasploit Weekly Wrap-Up

2022-03-11 20:26:58

trendmicroblog

Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™

2022-04-06 00:00:00

redhatcve

CVE-2022-0847

2022-03-07 12:28:23

hivepro

Dirty Pipe: A privilege escalation vulnerability in Linux Kernel

2022-03-08 16:41:45

prion

Design/Logic Flaw

2022-03-10 17:44:00

osv

Linux kernel bug allows writing to arbitrary files, bypassing file permissions, immutability, snapshots and read-only mounts

2022-05-01 00:00:00

linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities

2022-03-09 00:00:42

Important: kernel-rt security and bug fix update

2022-03-10 14:37:54

packetstorm

Dirty Pipe Local Privilege Escalation

2022-03-10 00:00:00

K63603485 : Linux kernel vulnerability CVE-2022-0847

2022-03-11 00:00:00

zdt

Dirty Pipe Linux Privilege Escalation Exploit

2022-03-09 00:00:00

Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) Exploit

2022-03-08 00:00:00

Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit

2022-03-09 00:00:00

thn

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

2022-03-15 03:44:00

Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability

2022-03-08 07:43:00

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

2022-08-22 13:05:00

checkpoint_advisories

Linux Kernel Privilege Escalation (CVE-2022-0847)

2022-10-31 00:00:00

fortinet

CVE-2022-0847 on Linux Kernel

2023-04-11 00:00:00

securelist

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

2022-03-14 14:11:07

ubuntucve

CVE-2022-0847

2022-03-07 00:00:00

metasploit

Dirty Pipe Local Privilege Escalation via CVE-2022-0847

2022-03-07 15:49:27

cisa_kev

Linux Kernel Privilege Escalation Vulnerability

2022-04-25 00:00:00

debiancve

CVE-2022-0847

2022-03-10 17:44:00

cbl_mariner

CVE-2022-0847 affecting package kernel for versions less than 5.15.26.1-1

2022-04-09 06:52:47

exploitdb

Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)

2022-03-08 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0449

2022-03-07 00:00:00

Important Photon OS Security Update - PHSA-2022-0160

2022-03-10 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0370

2022-03-10 00:00:00

malwarebytes

Linux “Dirty Pipe” vulnerability gives unprivileged users root access

2022-03-11 14:38:30

threatpost

Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw

2022-03-15 16:58:43

Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

2022-03-08 14:52:05

rocky

kernel-rt security and bug fix update

2022-03-11 02:24:05

kernel security, bug fix, and enhancement update

2022-03-11 02:26:54

kernel-rt security and bug fix update

2022-03-10 14:37:54

mageia

Updated kernel packages fix security vulnerabilities

2022-03-08 02:10:22

Updated kernel-linus packages fix security vulnerabilities

2022-03-09 20:03:00

trellix

The Bug Report - March 2022 Edition

2022-04-06 00:00:00

The Bug Report - March 2022 Edition

2022-04-06 00:00:00

ubuntu

Linux kernel vulnerabilities

2022-03-09 00:00:00

suse

Security update for the Linux Kernel (important)

2022-03-08 00:00:00

Security update for the Linux Kernel (important)

2022-03-08 00:00:00

slackware

[slackware-security] Slackware 15.0 kernel

2022-03-09 04:16:04

almalinux

Important: kernel security, bug fix, and enhancement update

2022-03-10 14:43:03

debian

[SECURITY] [DSA 5092-1] linux security update

2022-03-07 12:54:12

ics

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

2022-06-16 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CISA:36070B40E6791FC966ACFEACAE76F54C