{
"cve": "CVE-2022-0847",
"name": "Dirty Pipe",
"description": "A flaw was found in the way pipe buffer flags were initialized in the Linux kernel: a newly allocated pipe buffer could retain a stale PIPE_BUF_FLAG_CAN_MERGE flag. An unprivileged local user could exploit this flaw to overwrite data in the page cache of arbitrary read-only files, leading to privilege escalation. Affected Linux kernel versions are 5.8 through 5.16.10 on mainline, 5.15.0 through 5.15.24 on the 5.15 stable series, and 5.10.0 through 5.10.101 on the 5.10 stable series.",
"severity": "high",
"artifact": {
"name": "vmlinux",
"format": "elf",
"architecture": "x86_64",
"os": "linux"
},
"original": {
"package": "linux-image-unsigned-5.13.0-34-generic",
"version": "5.13.0-34.39",
"distro": "Ubuntu 21.10 (Impish)",
"source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-34-generic_5.13.0-34.39_amd64.deb",
"sha256": "pending",
"hasDebugSymbols": false,
"pathInPackage": "/boot/vmlinuz-5.13.0-34-generic"
},
"patched": {
"package": "linux-image-unsigned-5.13.0-35-generic",
"version": "5.13.0-35.40",
"distro": "Ubuntu 21.10 (Impish)",
"source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-35-generic_5.13.0-35.40_amd64.deb",
"sha256": "pending",
"hasDebugSymbols": false,
"pathInPackage": "/boot/vmlinuz-5.13.0-35-generic"
},
"patch": {
"commit": "9d2231c5d74e13b2a0546fee6737ee4446017903",
"upstream": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903",
"functionsChanged": [
"copy_page_to_iter_pipe",
"push_pipe"
],
"filesChanged": [
"fs/pipe.c",
"lib/iov_iter.c"
],
"summary": "Fix PIPE_BUF_FLAG_CAN_MERGE handling: clear the flag when a new pipe buffer is allocated, so that a stale value cannot permit arbitrary file overwrites"
},
"advisories": [
{
"source": "ubuntu",
"id": "USN-5317-1",
"url": "https://ubuntu.com/security/notices/USN-5317-1"
},
{
"source": "nvd",
"id": "CVE-2022-0847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847"
},
{
"source": "researcher",
"id": "Dirty Pipe",
"url": "https://dirtypipe.cm4all.com/"
}
],
"expectedDiff": {
"sectionsChanged": [
".text"
],
"sectionsIdentical": [
".rodata",
".data"
],
"verdict": "patched",
"confidenceMin": 0.9
},
"createdAt": "2026-01-13T14:00:00Z",
"createdBy": "StellaOps Golden Pairs Tool v1.0.0"
}