Checkmk is not affected by Dirty Pipe Exploit (CVE-2022-0847)

Owned by Former user (Deleted)
Last updated: yesterday at 7:37 pm by Matthew Hierholzer
1 min read

A newly revealed vulnerability impacted the way the “flags” member of the new pipe buffer structure lacked proper initialization and was registered as CVE-2022-0847.

LAST TESTED ON CHECKMK 2.3.0P15

Table of Contents

Problem

A flaw was found in how the “flags” member of the new pipe buffer structure lacked proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and, as such, escalate their privileges on the system.

Solution

As of the time of writing this article, the appliances (virtual or physical) are not affected by the Dirty-Pipe-Exploit.

Reason

Dirty-Pipe only works with kernels 5.8+, while the appliance is Debian 9 based (Kernel 4.9.0-17)