Trend Micro -
Exploits & Vulnerabilities
We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847.
This blog gives threat analysts a guide to detecting an arbitrary file overwrite vulnerability in the Linux kernel, also known as Dirty Pipe. Dirty Pipe is a local privilege escalation vulnerability that is tracked as CVE-2022-0847. It has a CVSS score of 7.8 and was discovered by IONOS software developer Max Kellermann.
The vulnerability is a flaw in Linux kernel memory management, in the way pipe page caches are merged and overwrite other page caches. It is easy to exploit and allows a low-privileged user to escalate to root privilege on the host. Various proof-of-concept exploits are also public.
Attackers can abuse this flaw to write to pages in the page cache of read-only files. They can also execute their code to escalate their privileges on the system.
The following sections outline