POC details: b87d12a5bcc2718fab969c561fa714e0fe351295

Source
Related vulnerability
Title: Linux kernel security vulnerability (CVE-2022-0847)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability caused by the lack of proper initialization of the "flag" member of the new pipe buffer structure in the copy_page_to_iter_pipe and push_pipe functions. An unprivileged local user can exploit this vulnerability to escalate privileges to root. The following products and versions are affected: Linux Kernel 5.8-5.16.11, 5.8-5.15.25, 5.8-5.10.102.
Introduction

### Information


```
Exploit Title: Local Privilege Escalation in Linux kernel (CVE-2022-0847)
Tested on: Ubuntu 20.04.1 LTS
Affected product: Linux kernel 5.8 or later
Fixed product: Linux kernel 5.16.11, 5.15.25, 5.10.102
CVE ID: CVE-2022-0847
```


### How to Exploit


Local Privilege Escalation


```
  gcc exploit.c -o exploit
  cp /bin/passwd .
  sudo chown root:root ./passwd
  sudo chmod +s ./passwd
  ./exploit ./passwd
```

### Reference


https://dirtypipe.cm4all.com/
https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig/

### Timeline


- 2021-04-29: first support ticket about file corruption

- 2022-02-19: file corruption problem identified as Linux kernel bug, which turned out to be an exploitable vulnerability

- 2022-02-20: bug report, exploit and patch sent to the [Linux kernel security team](https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html)

- 2022-02-21: bug reproduced on Google Pixel 6; bug report sent to the Android Security Team

- 2022-02-21: [patch sent to LKML (without vulnerability details)](https://lore.kernel.org/lkml/20220221100313.1504449-1-max.kellermann@ionos.com/) as suggested by Linus Torvalds, Willy Tarreau and Al Viro

- 2022-02-23: Linux stable releases with my bug fix ([5.16.11](https://lore.kernel.org/stable/1645618039140207@kroah.com/), [5.15.25](https://lore.kernel.org/stable/164561803311588@kroah.com/), [5.10.102](https://lore.kernel.org/stable/164561802556115@kroah.com/))

- 2022-02-24: [Google merges my bug fix into the Android kernel](https://android-review.googlesource.com/c/kernel/common/+/1998671)

- 2022-02-28: notified the [linux-distros](https://oss-security.openwall.org/wiki/mailing-lists/distros#how-to-use-the-lists) mailing list

- 2022-03-07: public disclosure

File snapshot

```
[4.0K] /data/pocs/b87d12a5bcc2718fab969c561fa714e0fe351295
├── [8.2K] exploit.c
└── [1.7K] README.md

0 directories, 2 files
```