Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

CVE

TrueNAS SCALE 22.02

CVE-2022-0847 : Dirty Pipe - Linux Kernel Privilege Escalation

2022-03-09

Versions Affected : All versions prior to TrueNAS SCALE 22.02.0.1. Versions Not Affected : TrueNAS CORE is not vulnerable.

Description

A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.

An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base score 7.8.

Workaround

No workarounds available

Mitigation

Currently there is no mitigation available for this flaw. Customers should update once they are available.

Commit

Further information

MITRE CVE-2022-0847 Entry