oss-sec mailing list archives
CVE-2022-0847: Linux kernel: overwriting read-only files
From: Max Kellermann <max.kellermann () ionos com>
Date: Mon, 7 Mar 2022 13:01:19 +0100
Hi oss-security, two weeks ago, I found a vulnerability in the Linux kernel since version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem. It can be used to inject code into arbitrary processes. It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. A proof-of-concept exploit is attached. For anybody curious, here's an article about how I discovered this: https://dirtypipe.cm4all.com/ Max
Attachment:
write_anything.c
Description:
Current thread:
- CVE-2022-0847: Linux kernel: overwriting read-only files Max Kellermann (Mar 07)