{"uuid": "b84ba3bb-d5e2-4d78-88a6-0c4cbcbe9dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "Dirty Pipe (CVE-2022-0847)", "description": "Dirty Pipe (CVE-2022-0847) is a vulnerability in the Linux kernel which allows an attacker to overwrite files that they have read-only access to. At the time of writing, this vulnerability is 3 years old, but overwriting nearly any file without appropriate permissions using only a few system calls stood out to me. Additionally, since the exploit abuses normal kernel behavior, detecting the exploit is not an easy task.\n\nCVE-2022-0847 affects the following Linux kernel versions, according to NIST\u2019s NVD:\n\n*     From 5.8 up to (but not including) 5.10.102\n*     From 5.15 up to (but not including) 5.15.25\n*     From 5.16 up to (but not including) 5.16.11\n\nThe vulnerability can be weaponized to escalate privileges on older Linux systems due to the arbitrary file overwrite. It abuses a flaw in functions in the Linux kernel that allowed pipes to contain stale flag values. Because of this, a pipe could be used to write to pages in the kernel page cache, which in turn could write arbitrarily to files the user does not have write permission for.", "description_format": "markdown", "vulnerability": "CVE-2022-0847", "creation_timestamp": "2025-07-11T20:52:01.806482+00:00", "timestamp": "2025-07-11T20:52:01.806482+00:00", "related_vulnerabilities": ["CVE-2022-0847"], "meta": [{"ref": ["https://morgenm.github.io/blog/2025/dirtypipe/"]}], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}