CVE-2022-0847
Linux Kernel Privilege Escalation Vulnerability
7.8
HIGH
CVSS 3.1
⚠ KEVEPSS 82.0%
Description
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
How to fix CVE-2022-0847
To remediate CVE-2022-0847, upgrade the affected package to a fixed version below.
- —upgrade to 5.10.92-2 or later
Is CVE-2022-0847 being exploited?
Yes — CVE-2022-0847 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (1)
- from 0, < 5.10.92-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |