How To Identify and Fix The Dirty Pipe Vulnerability In Linux Kernel- CVE-2022-0847
A vulnerability has been identified in the Linux Kernel1 which allows overwriting data in arbitrary read-only files, which might lead to privilege escalation as unprivileged processes can inject code into root processes2 . It is similar to CVE-2016-5195 ‘Dirty Cow’ but is easier to exploit which makes it more dangerous. The vulnerability is tracked under CVE ID CVE-2022-0847. The article explains the steps to Identify and Fix the vulnerability.3
Associated CVE ID |
CVE-2022-0847 |
Description |
A vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. |
Associated ZDI ID |
– |
CVSS Score |
7.8 High |
Vector |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score |
– |
Exploitability Score |
– |
Attack Vector (AV) |
Local |
Attack Complexity (AC) |
Low |
Privilege Required (PR) |
Low |
User Interaction (UI) |
None |
Scope |
Unchanged |
Confidentiality (C) |
High |
Integrity (I) |
High |
availability (a) |
High |
Identify whether the Kernel Version Affected By CVE-2022-0847
The vulnerability exists in kernel versions starting from v5.8 to v5.15. On an Ubuntu machine, you will be able to run the command 'uname -rs' and confirm whether your Kernel version is affected.
Fix CVE-2022-0847 on Ubuntu
Before starting to fix the vulnerability please do make sure to take a backup of the whole machine. Once the backup is completed proceed by checking the kernel version using the command 'uname -rs'
1) Check the kernel version
uname -rs
2) Download kernel modules 5.17
Download the kernel modules from kernel.ubuntu.com website. Download the latest version available.
3) Download these two files (where X.Y.Z is the highest version):
- linux-image-*X.Y.Z*-generic-*.deb
- linux-modules-X.Y.Z*-generic-*.deb
Make sure to replace X, Y, Z with the required numbers for the versions.
4) Execute the below commands to fetch the deb files
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-image-unsigned-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.17-rc7/amd64/linux-modules-5.17.0-051700rc7-generic_5.17.0-051700rc7.202203062330_amd64.deb
5) Execute chmod +x command to provide execute permissions
chmod +x *.deb
6) Install kernel module 5.17
sudo dpkg --install *.deb
7) Reboot
Once installation is complete restart the machine using ‘reboot’ command.
8) Confirm Kernel Upgrade
Once the reboot process is completed execute the ‘uname -rs’ command to confirm the kernel version is upgraded to the secure one.