Security News > 2022 > March > Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)
An easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits.
Affected Linux distributions are in the process of pushing out security updates with the patch.
CVE-2022-0847 is a flaw in the way the Linux kernel handles pipe buffer flags, and it allows attackers to overwrite data in read-only files and SUID binaries to achieve root access.
The bug is obviously easy to exploit, though it can't be done remotely - attackers need to have prior access to a vulnerable host to deploy an exploit.
Users of various Linux distributions and Android devices should be on the lookout for security updates implementing the patch.
CVE-2022-0847 affects Linux Kernel 5.8 and later versions, and has been fixed in Linux 5.16.11, 5.15.25 and 5.10.102 and the latest Android kernel.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |