{"uuid": "9e2b8503-aca8-40bd-8bbd-ee3415448f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-0847", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/112", "content": "The Dirty Pipe Vulnerability\n\n\ud83d\udc64 by Max Kellermann\n\nThis is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.\nIt is similar to\u00a0CVE-2016-5195 \u201cDirty Cow\u201d\u00a0but is easier to exploit.\nThe vulnerability\u00a0was fixed\u00a0in Linux 5.16.11, 5.15.25 and 5.10.102.\n\n\n\ud83d\udcdd Contents: \n\u2022 Abstract\n\u2022 Corruption pt. I\n\u2022 Access Logging\n\u2022 Corruption pt. II\n\u2022 Corruption pt. III\n\u2022 Man staring at code\n\u2022 Man staring at kernel code\n\u2022 Pipes and Buffers and Pages\n\u2022 Uninitialized\n\u2022 Corruption pt. IV\n\u2022 Exploiting\n\u2022 Timeline\n\nhttps://dirtypipe.cm4all.com", "creation_timestamp": "2022-03-08T11:14:13.000000Z"}