CVE-2022-0847

HIGH Year: 2022
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-665
View all →

Vulnerability Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Related Vulnerabilities

CVE-2007-3749

HIGH
CVSS:7.8(High)

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary co...

CWE-6652007

CVE-2014-9942

HIGH
CVSS:7.8(High)

In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.

CWE-6652014

CVE-2017-0723

HIGH
CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.

CWE-6652017

CVE-2017-0745

HIGH
CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

CWE-6652017

CVE-2017-13153

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.

CWE-6652017

CVE-2017-14102

HIGH
CVSS:7.8(High)

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account ...

CWE-6652017