CVE-2022-0847

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-0847

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0847.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0847

Aliases

A-220741611
ASB-A-220741611

Downstream

BELL-CVE-2022-0847

DEBIAN-CVE-2022-0847

DSA-5092-1

RHSA-2022:0819

RHSA-2022:0820

RHSA-2022:0821

RHSA-2022:0822

RHSA-2022:0823

RHSA-2022:0825

RHSA-2022:0831

RHSA-2022:0841

RLSA-2022:0819

RLSA-2022:0825

SUSE-SU-2022:0755-1

SUSE-SU-2022:0757-1

SUSE-SU-2022:0759-1

SUSE-SU-2022:0760-1

SUSE-SU-2022:0761-1

SUSE-SU-2022:0763-1

SUSE-SU-2022:0764-1

SUSE-SU-2022:0765-1

SUSE-SU-2022:0766-1

SUSE-SU-2022:0767-1

SUSE-SU-2022:0768-1

UBUNTU-CVE-2022-0847

USN-5317-1

USN-5362-1

openSUSE-SU-2022:0755-1

openSUSE-SU-2022:0760-1

openSUSE-SU-2022:0768-1

openSUSE-SU-2024:11910-1

openSUSE-SU-2024:13704-1

Related

Published

2022-03-10T17:44:57.283Z

Modified

2026-02-19T01:36:38.193870Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

References

Affected packages

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4357384fdc248c32a106dbbefeda94a330f1d316

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0847.json"