ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CVE-2022-0847: kernel: improper initialization of the "flags" member of the new pipe_buffer

book

Article ID: 237377

calendar_today

Updated On:

Products

CA Spectrum DX NetOps DX NetOps Insights CA Performance Management - Usage and Administration CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.

An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Environment

RedHat Enterprise Linux 8.x

Resolution

RedHat Enterprise Linux 6 and 7 are not affected by this vulnerability.

This is a kernel level vulnerability.  Thus DX Netops products are not affected by it or by updating to the proper kernel level to resolve the vulnerability.

kernel 5.17-rc6 resolves this problem.

Additional Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847

https://nvd.nist.gov/vuln/detail/CVE-2022-0847

https://bugzilla.redhat.com/show_bug.cgi?id=2060795