CVE-2022-0847

CVE Details

Release Date:

2022-03-10

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

See more information about CVE-2022-0847 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	7.8	Base Metrics:	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	High
Integrity Impact:	High	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9210	2022-03-10
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9211	2022-03-10
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9244	2022-03-23
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9313	2022-04-25
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9212	2022-03-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9213	2022-03-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9245	2022-03-23
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9314	2022-04-25
Oracle Linux version 8 (kernel)	ELSA-2022-0825	2022-03-11
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9211	2022-03-10
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9244	2022-03-23
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9212	2022-03-10
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9245	2022-03-23

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team