
Red Hat is aware of a vulnerability affecting the Linux kernel that allows an attacker to modify the contents of a file (either in memory or on disk) even when they have only read-only access to it. This vulnerability is assigned CVE-2022-0847 and is also known as the Dirty Pipe vulnerability. This issue was publicly disclosed on March 7, 2022, and rated with a severity impact of Important.

Note that for Red Hat Enterprise Linux 8 (RHEL), the currently known exploits do not work. However, the underlying flaw is still present and other novel ways leading to successful exploitation cannot be fully ruled out.

The following Red Hat products are affected:

Further, any Red Hat product based on Red Hat Enterprise Linux 8 (including RHEL CoreOS) is likewise affected but, as with RHEL 8 itself, not vulnerable to the currently known exploits. Please ensure that the underlying RHEL kernel package is current in these product environments. This includes products that pull packages from the RHEL channel, such as Red Hat OpenShift Container Platform 3, Red Hat OpenStack Platform and others. To determine if your system is affected by this flaw, see the Diagnose section below.

Technical summary

A flaw was found in the way the "flags" member of the new pipe buffer structure lacked proper initialization in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and, as such, escalate their privileges on the system. This was demonstrated by creating new pipe buffers with the PIPE_BUF_FLAG_CAN_MERGE flag incorrectly set due to the lack of proper initialization. This flag controls coalescing of writes into a pipe buffer and thus allows writing into an existing page spliced into the pipe. If a file backs this spliced page, the change is reflected in the shared system-wide view of the file in memory, and any subsequent cache flush writes the manipulated data to disk, ignoring existing Linux permission settings. This would allow an unprivileged user to overwrite specific contents of a file (either in memory or on disk) even when only read-only access is granted by existing access controls such as SELinux, standard Linux permissions, advanced access control, immutable files and devices mounted read-only.
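To make the technical summary concrete, here is an added, heavily simplified model of the pipe ring (not kernel code and not Red Hat's; `Page`, `PipeBuf`, `Pipe` and `simulate` are constructed names, and `Pipe(fixed=True)` stands for a kernel that initialises the flags the way the fix does). It shows how a flags value left over from an earlier write causes a later write to land in a spliced page-cache page, and that resetting the flags on splice is what closes the hole.

```python
from dataclasses import dataclass, field

CAN_MERGE = 0x10  # stands in for PIPE_BUF_FLAG_CAN_MERGE

@dataclass
class Page:
    data: bytearray = field(default_factory=lambda: bytearray(8))

@dataclass
class PipeBuf:
    page: "Page | None" = None
    length: int = 0
    flags: int = 0

class Pipe:
    def __init__(self, fixed: bool):
        self.fixed = fixed      # True: flags are initialised on splice (the fix)
        self.slot = PipeBuf()   # a one-slot ring is enough to show slot reuse

    def write(self, data: bytes) -> None:
        # pipe_write(): append into the last buffer only if CAN_MERGE is set
        buf = self.slot
        if buf.page is not None and buf.flags & CAN_MERGE:
            buf.page.data[buf.length:buf.length + len(data)] = data
            buf.length += len(data)
        else:
            buf.page = Page()       # fresh anonymous pipe page
            buf.page.data[:len(data)] = data
            buf.length = len(data)
            buf.flags = CAN_MERGE   # anonymous pipe pages may be merged into

    def read_all(self) -> None:
        # pipe_read(): buffer released, struct stays in the ring, flags kept
        self.slot.page, self.slot.length = None, 0

    def splice_in(self, page: Page, length: int) -> None:
        # copy_page_to_iter_pipe(): reference a page-cache page without copying
        self.slot.page, self.slot.length = page, length
        if self.fixed:
            self.slot.flags = 0     # the fix; the bug left stale flags here

def simulate(fixed: bool) -> tuple:
    """Return (page-cache contents, whether the last write landed in them)."""
    cache = Page(bytearray(b"ORIGINAL"))  # constructed read-only file page
    pipe = Pipe(fixed)
    pipe.write(b"A")            # leaves CAN_MERGE set on the slot
    pipe.read_all()             # slot released, flag not cleared
    pipe.splice_in(cache, 1)    # file-backed page now sits in the ring
    pipe.write(b"XY")           # merges at offset 1 only if the flag survived
    return bytes(cache.data), pipe.slot.page is cache
```

With `fixed=False` the write is coalesced into the file-backed page; with `fixed=True` it goes to a new anonymous page and the cached file contents are untouched.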
