Q: Can this flaw corrupt the content of actual files on disk?Ī: It can. So subsequent reads of the file will return the corrupted content. Q: How can this flaw modify read-only content?Ī: When a file is accessed, it gets loaded in the “cached” region of the memory (the page cache), and the attacker would be able to change the file content in the cached memory.
DOWNLOAD SECURE PIPES HOW TO
Instructions on how to use GPG signatures for verification are available on the Customer Portal.
DOWNLOAD SECURE PIPES DOWNLOAD
To verify the authenticity of the script, you can download the detached OpenPGP signature as well. What is the Red Hat Enterprise Linux SAP Solutions subscription? DiagnoseĪ vulnerability detection script has been developed to determine if your system is currently affected by this flaw.
DOWNLOAD SECURE PIPES UPDATE
What is the Red Hat Enterprise Linux Extended Update Support (EUS) Subscription? Advisory/Update link will be added once updates are live. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Extended Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Customers are urged to apply the available updates immediately and enable the mitigations as they deem appropriate. Red Hat customers running affected versions of these Red Hat products are strongly recommended to update as soon as errata are available. Customers should update to fixed packages once they are available. MitigationĬurrently, there is no mitigation available for this flaw. Note that the PIPE_BUF_FLAG_CAN_MERGE flag attack vector is not available in Red Hat Enterprise Linux 8, thus the currently known exploits leveraging this flag do not work.
This would allow for an unprivileged user to overwrite specific contents of a file (either in memory or on disk) even when only allowed read-only access by existing access controls such as SELinux, standard Linux permissions, advanced access control, immutable files and devices being mounted ‘read only’. If a file backs this spliced page, the change will be reflected to the shared system-wide view of the file in memory and any subsequent cache flush will write the manipulated data to disk ignoring existing Linux permissions settings. This flag controls coalescing of writes into a pipe buffer and thus allows for writing to an existing page spliced into the pipe. This was demonstrated by creating new pipe buffers with the PIPE_BUF_FLAG_CAN_MERGE flag incorrectly set due to the lack of proper initialization. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and, as such, escalate their privileges on the system.
Technical summaryĪ flaw was found in the way the "flags" member of the new pipe buffer structure lacked proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. To determine if your system is affected by this flaw, see the Diagnose section below. Please ensure that the underlying RHEL kernel package is current in these product environments. This includes products that pull packages from the RHEL channel, such as Red Hat OpenShift Container Platform 3, Red Hat OpenStack Platform and others. The following Red Hat products are affected:įurther, any Red Hat product based on Red Hat Enterprise Linux 8 (including RHEL CoreOS) are also affected but not vulnerable as well. However, the underlying flaw is still present and other novel ways leading to successful exploitation cannot be fully ruled out. Note that for Red Hat Enterprise Linux 8 (RHEL), the currently known exploits do not work.
This issue was publicly disclosed on March 7, 2022, and rated with a severity impact of Important. This vulnerability is assigned CVE-2022-0847 and is also known as the Dirty Pipe vulnerability. Red Hat is aware of a vulnerability affecting the Linux kernel that allows an attacker to modify the contents of a file (either in memory or on disk) even when on read-only access mode.
0 kommentar(er)
