Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKPOu+8WtknWoUeY-CTK5ejo0hOQDsPOsbO12pFK6ifJwmVo4Q@mail.gmail.com>
Date: Mon, 7 Mar 2022 13:01:19 +0100
From: Max Kellermann <max.kellermann@...os.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-0847: Linux kernel: overwriting read-only files

Hi oss-security,

two weeks ago, I found a vulnerability in the Linux kernel since
version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due
to uninitialized variables.  It enables anybody to write arbitrary
data to arbitrary files, even if the file is O_RDONLY, immutable or on
a MS_RDONLY filesystem.  It can be used to inject code into arbitrary
processes.

It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit.

The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

A proof-of-concept exploit is attached.

For anybody curious, here's an article about how I discovered this:
 https://dirtypipe.cm4all.com/

Max

View attachment "write_anything.c" of type "text/x-csrc" (4371 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.