vulnerability

Alma Linux: CVE-2022-0847: Important: kernel security, bug fix, and enhancement update (ALSA-2022-0825)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Mar 10, 2022	May 4, 2022	Sep 15, 2022

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 10, 2022

Added

May 4, 2022

Modified

Sep 15, 2022

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Solution

alma-upgrade-kernel-tools-libs-devel

References

CVE-2022-0847
https://attackerkb.com/topics/CVE-2022-0847
URL-https://errata.almalinux.org/8/ALSA-2022-0825.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today