HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2022-0847

CVSS 7.8v3.1pub. 2022-03-10upd. 2025-11-06

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    35
  • Linux Kernel

    OS
    Linux
    5.8 – 5.10.102 (bez)5.15 – 5.15.25 (bez)5.16 – 5.16.11 (bez)
  • Netapp H300e

    HW
    Netapp
    wszystkie wersje
  • Netapp H300e Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H300s

    HW
    Netapp
    wszystkie wersje
  • Netapp H300s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410c

    HW
    Netapp
    wszystkie wersje
  • Netapp H410c Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410s

    HW
    Netapp
    wszystkie wersje
  • Netapp H410s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H500e

    HW
    Netapp
    wszystkie wersje
  • Netapp H500e Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H500s

    HW
    Netapp
    wszystkie wersje
  • Netapp H500s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H700e

    HW
    Netapp
    wszystkie wersje
  • Netapp H700e Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H700s

    HW
    Netapp
    wszystkie wersje
  • Netapp H700s Firmware

    OS
    Netapp
    wszystkie wersje
  • Ovirt Engine

    APP
    Ovirt
    4.4.10.2
  • Red Hat Codeready Linux Builder

    APP
    Redhat
    wszystkie wersje
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.28.4
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    8.0
  • Red Hat Enterprise Linux For IBM Z Systems Eus

    OS
    Redhat
    8.28.4
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    8.0
  • Red Hat Enterprise Linux For Power Little Endian Eus

    OS
    Redhat
    8.28.4
  • Red Hat Enterprise Linux For Real Time

    OS
    Redhat
    8
  • Red Hat Enterprise Linux For Real Time For Nfv

    OS
    Redhat
    8
  • Red Hat Enterprise Linux For Real Time For Nfv Tus

    OS
    Redhat
    8.28.4
  • Red Hat Enterprise Linux For Real Time Tus

    OS
    Redhat
    8.28.4

CISA KEV — detailsi

Vendori
Linux
Producti
Kernel
Added to KEVi
April 25, 2022
Remediation deadline (US Federal)i
May 16, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 16 maja 2022
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-54085CRITICAL10.0⚠ KEVPL ✓ten sam produkt

AMI MegaRAC SPx — zdalne ominięcie uwierzytelnienia w interfejsie Redfish BMC

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit