A newly revealed vulnerability impacted the way the "flags" member of the new pipe buffer structure lacked proper initialization and was registered as CVE-2022-0847.
LAST TESTED ON CHECKMK 2.2.0P1
Problem
A flaw was found in how the "flags" member of the new pipe buffer structure lacked proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and, as such, escalate their privileges on the system.
Solution
As of the time of writing this article, the appliances (virtual or physical) are not affected by the Dirty-Pipe-Exploit.
Related articles