CVE-2022-0847: Linux kernel: overwriting read-only files

[Max Kellermann <max.kellermann () ionos com>]

Hi oss-security,

two weeks ago, I found a vulnerability in the Linux kernel since
version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due
to uninitialized variables.  It enables anybody to write arbitrary
data to arbitrary files, even if the file is O_RDONLY, immutable or on
a MS_RDONLY filesystem.  It can be used to inject code into arbitrary
processes.

It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit.

The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

A proof-of-concept exploit is attached.

For anybody curious, here's an article about how I discovered this:
 https://dirtypipe.cm4all.com/

Max

Attachment: write_anything.c
Description: