How to fix CVE-2022-0847?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Is Linux Kernel affected by CVE-2022-0847?

Organizations using A flaw face notable risk from CVE-2022-0847 rated CVSS 7.8. Exploitation could compromise the security of affected deployments. This vulnerability is actively exploited in the wild (KEV-listed) and requires immediate remediation.

CVE-2022-0847

HIGH

2022-03-10 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

Patch Released

Nov 06, 2025 - 14:50 nvd

Patch available

PoC Detected

Nov 06, 2025 - 14:50 vuln.today

Public exploit code

Added to CISA KEV

Nov 06, 2025 - 14:50 cisa

CISA KEV

CVE Published

Mar 10, 2022 - 17:44 nvd

HIGH 7.8

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Analysis

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged local users to overwrite read-only files, enabling trivial privilege escalation to root on Linux 5.8+.

Technical Context

The CWE-665 improper initialization in copy_page_to_iter_pipe and push_pipe leaves the PIPE_BUF_FLAG_CAN_MERGE flag set on newly allocated pipe buffers. When a pipe is spliced from a file, subsequent writes to the pipe overwrite the page cache of the source file, even if the file is read-only (owned by root with 0644 permissions).

Affected Products

['Linux kernel 5.8 through 5.16.10', 'Linux kernel 5.15.x before 5.15.25', 'Android 12 (kernel 5.10+)']

Remediation

Update Linux kernel to 5.16.11, 5.15.25, or 5.10.102+. For Android, apply the March 2022 security patch. Container environments must update the host kernel. Monitor for /etc/passwd and /etc/shadow modification attempts.

Priority Score

202

Low Medium High Critical

KEV: +50

EPSS: +82.7

CVSS: +39

POC: +20

CVE-2022-0847 vulnerability details – vuln.today

Back

CVE-2022-0847

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2022-0847

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code