CVE-2022-0847
Published: 10 March 2022
Summary
CVE-2022-0847 is a high-severity Improper Initialization (CWE-665) vulnerability in Red Hat Enterprise Linux EUS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof of concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2022-0847 is a flaw in the Linux kernel arising from improper initialization of the "flags" member in the new pipe buffer structure within the copy_page_to_iter_pipe and push_pipe functions. The uninitialized field can retain stale values, enabling writes to pages in the page cache that are backed by read-only files. The affected component is the Linux kernel; the issue carries a CVSS 3.1 score of 7.8 and is associated with CWE-665.
An unprivileged local user can exploit the flaw to modify read-only file contents cached in memory and thereby escalate privileges on the system. Exploitation requires local access and does not depend on user interaction or special network conditions.
Public exploit code targeting the vulnerability has been posted to Packet Storm, and a Red Hat Bugzilla entry provides additional technical details. The EPSS score currently stands at 0.8108 with a recorded peak of 0.8461, indicating sustained exploitation interest after disclosure.
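To make the root cause concrete, here is an added toy model in C (not code from this page or from the kernel) of the pipe ring described above. It mirrors the shape of copy_page_to_iter_pipe/push_pipe before the fix, where the new buffer's flags member is never written, next to the shape after the upstream fix, which zeroes it. The ring, the pipe_write model and the page stand-ins are simplified assumptions; the PIPE_BUF_FLAG_CAN_MERGE value and the one-line fix are taken from the upstream kernel.

```c
#include <stdbool.h>
#include <string.h>
/* Toy model of the pipe ring (not kernel code): enough structure to show how a
 * flags member that is never written keeps a stale value when a slot is reused. */
#define RING_SLOTS 4
#define PIPE_BUF_FLAG_CAN_MERGE 0x10   /* same value as the upstream define */
struct pipe_buffer { void *page; unsigned int offset, len, flags; };
struct pipe { struct pipe_buffer bufs[RING_SLOTS]; unsigned int head; };

/* Slots are handed out round-robin and are not cleared on reuse. */
static struct pipe_buffer *next_slot(struct pipe *p) { return &p->bufs[p->head++ % RING_SLOTS]; }

/* Ordinary pipe write: the kernel marks a freshly written anonymous page as
 * mergeable so that a later short write may append into the same page. */
static void pipe_write(struct pipe *p, void *anon_page, unsigned int len)
{
    struct pipe_buffer *buf = next_slot(p);
    buf->page = anon_page; buf->offset = 0; buf->len = len;
    buf->flags = PIPE_BUF_FLAG_CAN_MERGE;
}

/* Shape of copy_page_to_iter_pipe()/push_pipe() before the fix: a page-cache
 * page is placed in the slot, but flags is never assigned (CWE-665). */
static unsigned int splice_page_vuln(struct pipe *p, void *cache_page, unsigned int len)
{
    struct pipe_buffer *buf = next_slot(p);
    buf->page = cache_page; buf->offset = 0; buf->len = len;
    return buf->flags;                       /* stale: whatever pipe_write() left */
}

/* Shape after the upstream fix, which added "buf->flags = 0;" to both functions. */
static unsigned int splice_page_fixed(struct pipe *p, void *cache_page, unsigned int len)
{
    struct pipe_buffer *buf = next_slot(p);
    buf->page = cache_page; buf->offset = 0; buf->len = len;
    buf->flags = 0;
    return buf->flags;
}

/* True when a page-cache page lands in a slot that still claims to be mergeable,
 * i.e. the ring would let a later pipe write merge data into that file's page. */
bool page_cache_slot_is_mergeable(bool fixed)
{
    static char anon[4096], cache[4096];     /* constructed stand-ins for pages */
    struct pipe p; memset(&p, 0, sizeof p);
    for (int i = 0; i < RING_SLOTS; i++)     /* fill the ring once with plain writes; */
        pipe_write(&p, anon, sizeof anon);   /* the reader then drains, flags stay */
    unsigned int f = fixed ? splice_page_fixed(&p, cache, 1) : splice_page_vuln(&p, cache, 1);
    return (f & PIPE_BUF_FLAG_CAN_MERGE) != 0;
}
```

The unfixed path reports the page-cache slot as mergeable, the fixed path does not; the patch to look for in a backported distribution kernel is exactly that zeroing of the new buffer's flags.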
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-15890
Vulnerability details
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.
- CWE(s): CWE-665
- KEV Date Added: 25 April 2022
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of patches that eliminate the improper pipe-buffer initialization flaw allowing local privilege escalation.
- AC-6 (Least Privilege): enforces least-privilege restrictions on unprivileged local users so that even successful exploitation cannot obtain root or SUID capabilities.
- Process isolation: requires process isolation boundaries that limit the ability of a flawed pipe implementation to corrupt page-cache contents belonging to other subjects.