Security Notices
  1. Help Center
  2. Security Notices

CVE-2022-0847 - Local privilege escalation in Linux pipe (DirtyPipe)

How does this vulnerability affect Kasm Workspaces

Vulnerability Summary

CVE-2022-0847 also known as the DirtyPipe vulnerability affects Linux kernel versions 5.8 and newer. It has been patched in 5.16.11, 5.15.25, and 5.10.102, with releases from major distros to be forthcoming. A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.More information on the nature of the vulnerability can be found at:

Affected Components

Since this is a Linux kernel vulnerability, the bug has implications in all Linux based servers. Since the affected system call is unprivileged and generally allowed by container runtime security profiles, it would affect all containers as well. All Linux based servers should be checked to see if the kernel version is 5.8 or greater. This can be done using the command "uname -r". If the kernel version is 5.8 or greater, this vulnerability applies.

Administrators can not assume that if the Linux distribution is supposed to ship with a certain kernel version, that this is the kernel version on any particular system. Each cloud provider maintains their own version of each distribution and their own kernel versions. In addition, administrators can change kernel versions at any time after installation. Therefore, it is vital that each server be checked explicitly.

Check with the company that maintains the kernel for the installed Linux distribution for security notices and patches.