Date: Mon, 7 Mar 2022 13:01:19 +0100 From: Max Kellermann <max.kellermann@...os.com> To: oss-security@...ts.openwall.com Subject: CVE-2022-0847: Linux kernel: overwriting read-only files Hi oss-security, two weeks ago, I found a vulnerability in the Linux kernel since version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem. It can be used to inject code into arbitrary processes. It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. A proof-of-concept exploit is attached. For anybody curious, here's an article about how I discovered this: https://dirtypipe.cm4all.com/ Max View attachment "write_anything.c" of type "text/x-csrc" (4371 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.