CVE-2022-0847

CVE Details

Release Date:	2022-03-10
Impact:	None	What is this?

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

See more information about CVE-2022-0847 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	7.8
Vector String:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version:	3.0
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9210	2022-03-10
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9211	2022-03-10
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9244	2022-03-23
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9313	2022-04-25
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9212	2022-03-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9213	2022-03-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9245	2022-03-23
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9314	2022-04-25
Oracle Linux version 8 (kernel)	ELSA-2022-0825	2022-03-11
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9211	2022-03-10
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9244	2022-03-23
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9212	2022-03-10
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9245	2022-03-23