Dirty Pipe: Linux Kernel Vulnerability Could Lead to Root Privileges - CVE-2022-0847

Background

In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening. The flaw has already been patched in the Linux kernel and the Android kernel. Affected Linux distributions are in the process of pushing out security updates with the patch.

Due to its similarities to the Dirty Cow flaw (CVE-2016-5195), the vulnerability has been named Dirty Pipe.

| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
|---|---|---|---|---|
| CVE-2022-0847 | 7.8 | High | Local Privilege Escalation | Linux Kernel Vulnerability – Version 5.8 and later |

Analysis

CVE-2022-0847

The Linux Kernel Security Team patched a local privilege escalation vulnerability in the Linux Kernel that could allow a threat actor with local access to an affected system to escalate user privileges to root.

The most likely attack scenario is an insider threat, where a malicious user escalates from user to full root privileges. An external attack scenario would involve an attacker who already has local authenticated access to the vulnerable system, either through another vulnerability or a password-spraying-style attack. Once local authenticated access is achieved, the external attacker could then escalate to full root privileges by leveraging this vulnerability.

Note: This is not a remotely exploitable vulnerability; a threat actor must have prior access to the system to exploit it.

Solutions and Recommendations

Due to the widespread nature of CVE-2022-0847, Arctic Wolf recommends patching systems in accordance with guidance from the Linux distribution vendor. Major Linux distributions have published security advisories detailing the impacted versions and remediation steps.

Prioritize patching systems that are external facing or are considered high value assets.

| Linux Distribution | Vendor Advisory |
|---|---|
| Red Hat | https://access.redhat.com/security/cve/CVE-2022-0847 |
| Ubuntu | https://ubuntu.com/security/CVE-2022-0847 |
| Debian | https://security-tracker.debian.org/tracker/CVE-2022-0847 |
| SUSE | https://www.suse.com/security/cve/CVE-2022-0847.html |
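To help order the patching work, the following added example (not part of the original advisory or any vendor tooling) flags kernels in the "5.8 and later" range stated above and prints the matching vendor advisory from the table. The function names, the sample inventory lines and the mapping from `/etc/os-release` IDs to vendors are assumptions made for illustration.

```shell
# Exit 0 if RELEASE (`uname -r` format) is 5.8 or later, the affected range
# stated above; 1 if earlier; 2 if it cannot be parsed. Fields are compared
# numerically, so 5.10 sorts after 5.8 and 4.18 before it.
kernel_in_affected_range() {
    rel=${1%%[!0-9.]*}                 # drop suffixes such as -101-generic
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }
}

# Print the advisory URL from the table above for the first matching token of
# "ID ID_LIKE" from /etc/os-release. The ID-to-vendor mapping is an assumption.
advisory_url() {
    for id in $1; do
        case "$id" in
            rhel)   echo "https://access.redhat.com/security/cve/CVE-2022-0847"; return 0 ;;
            ubuntu) echo "https://ubuntu.com/security/CVE-2022-0847"; return 0 ;;
            debian) echo "https://security-tracker.debian.org/tracker/CVE-2022-0847"; return 0 ;;
            sles|suse|opensuse*) echo "https://www.suse.com/security/cve/CVE-2022-0847.html"; return 0 ;;
        esac
    done
    return 1
}

# REVIEW means "in the affected range, confirm against the vendor advisory":
# distribution kernels can carry a backported fix under an unchanged version.
triage() {
    rc=0; kernel_in_affected_range "$1" || rc=$?
    case $rc in
        0) url=$(advisory_url "$2") || url="no advisory listed on this page"
           echo "REVIEW $1 $url" ;;
        1) echo "BELOW-5.8 $1" ;;
        *) echo "UNPARSED $1" ;;
    esac
}

# Constructed sample inventory: kernel release, then os-release ID and ID_LIKE.
triage "5.15.0-101-generic"    "ubuntu debian"
triage "4.18.0-348.el8.x86_64" "rhel fedora"
triage "5.10.0-11-amd64"       "debian"
# Live host (Linux only).
if [ "$(uname -s)" = Linux ]; then
    triage "$(uname -r)" "$(. /etc/os-release 2>/dev/null; echo "$ID $ID_LIKE")"
fi
```

A `REVIEW` result is a prompt to compare the installed kernel package against the fixed versions in the vendor advisory, not proof that the host is unpatched.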


About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.
