CVE REFERENCE | CRITICAL VULNERABILITY
Active ThreatUpdated 9 min read

CVE-2022-0847: Dirty Pipe Linux Kernel Vulnerability Explained and How to Fix It

A flaw in Linux kernel pipe buffer flag handling that lets any unprivileged local user overwrite read-only files, including SUID binaries, and achieve root without a race condition. Kernels 5.8 through 5.16.10 affected.

7.8
CVSS Score
No Race
Condition Required
5.8–5.16
Kernel Versions
Root
Execution Level

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

CVE-2022-0847, named Dirty Pipe by its discoverer Max Kellermann of CM4all, is a Linux kernel vulnerability disclosed March 7, 2022 that allows any unprivileged local user to overwrite the contents of arbitrary read-only files, including SUID root binaries, and achieve full root privilege escalation. The vulnerability was compared immediately to the 2016 Dirty Cow flaw (CVE-2016-5195) due to its similar impact of allowing unprivileged writes to read-only files, but Dirty Pipe is substantially easier to exploit: it requires no race condition and succeeds deterministically.

Affected kernels span versions 5.8 through 5.16.10, 5.15.25, and 5.10.102, introduced with the pipe buffer splice optimization in kernel 5.8. Android devices running kernel 5.8 or later were also affected, with working root exploits for flagship Android devices published within weeks of disclosure.

How Dirty Pipe Works: Uninitialized Pipe Buffer Flags

Linux pipes use ring buffers of memory pages. When data is spliced from a file into a pipe using the splice() syscall, the kernel adds a reference to the file's page cache into the pipe buffer. Each pipe buffer entry carries a flags field. The PIPE_BUF_FLAG_CAN_MERGE flag indicates that subsequent writes to the pipe can be merged into the existing page rather than allocated to a new one.

The bug: after a splice() call, the pipe buffer entry's flags field is not zeroed, it may retain PIPE_BUF_FLAG_CAN_MERGE from a previous operation. If that flag remains set, the next write() call to the pipe merges data directly into the existing page, which is the file's page cache page backed by the read-only file on disk. The attacker: (1) fills and drains the pipe to ensure CAN_MERGE is set on all entries, (2) splices from a target read-only file into the pipe, (3) writes malicious data, which merges into the file's page cache, overwriting its contents. No write permissions to the file are required.

1

Select a target read-only SUID binary

Identify a SUID root binary such as /usr/bin/passwd. The exploit will overwrite its first bytes with an execve payload that launches a root shell when the binary is invoked.

2

Fill pipe buffer to set CAN_MERGE on all entries

Create a pipe, write data to fill all pipe buffer entries, then drain the pipe. This ensures all pipe buffer entries have PIPE_BUF_FLAG_CAN_MERGE set from the previous write operations.

3

Splice from the target read-only file

Use splice() to pull data from the target SUID binary into the pipe at the desired offset. The pipe buffer entry now references the file's page cache page.

4

Write payload, overwrites the read-only file

Write attacker-controlled content to the pipe. The kernel merges it into the file's page cache page (because CAN_MERGE is set), overwriting the read-only file's content in memory.

5

Execute the overwritten SUID binary

Invoke the modified SUID binary. It executes the attacker's payload as root, spawning a root shell or executing any arbitrary command with full system privileges.

Container Escape and Android Impact

The Dirty Pipe exploit was adapted quickly for container escape scenarios. If a container has host filesystem paths bind-mounted, a common pattern for sharing configuration files, log directories, or persistent storage, the container process can exploit Dirty Pipe to overwrite files on the host bind-mounted path. By overwriting a host SUID binary or cron script accessible through the bind mount, an attacker inside the container achieves code execution on the host.

Android devices running kernel 5.8 or later were also in scope. Google addressed CVE-2022-0847 in the March 2022 Android Security Bulletin. Independent researchers published working root exploits for multiple Android flagship devices within weeks, demonstrating that the vulnerability was practically exploitable across platforms beyond enterprise Linux servers.

This bug is quite powerful, and can be exploited in many ways, write to any file, even read-only or immutable files in read-only file systems, as long as you have read access.

Max Kellermann, Dirty Pipe discovery writeup, March 2022
Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

Patching and Verifying the Fix

The fix was merged into the Linux kernel in releases 5.16.11, 5.15.25, and 5.10.102. All major distributions released updated kernel packages within days of the March 7, 2022 disclosure.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

The bottom line

Dirty Pipe demonstrates that the Linux kernel's core inter-process communication primitives, pipes, splice(), page cache, can harbor privilege escalation vulnerabilities just as any other complex subsystem. The fact that the flaw was introduced in a performance optimization in kernel 5.8 and was reliably exploitable within hours of public disclosure highlights the challenge of securing kernel code paths where correctness and security properties interact subtly.

For security teams: the CVSS score of 7.8 understates the practical severity. Any threat actor with a foothold as any user on a Linux host running an affected kernel can root the machine in under a second. Kernel patching is not optional, it must be part of the same urgency framework as application vulnerability patching.

This analysis is generic — the platform version scores threats like this against your own stack.

Frequently asked questions

What is CVE-2022-0847 (Dirty Pipe)?

Dirty Pipe is a Linux kernel flaw where pipe buffer entries are not properly initialized after certain splice operations, leaving the PIPE_BUF_FLAG_CAN_MERGE flag set. This allows any local user to write attacker-controlled data into read-only file-backed page cache pages, overwriting files without write permissions.

How serious is Dirty Pipe?

CVSS 7.8 High. Any local user can reliably escalate to root in a single deterministic exploit attempt, no race condition required. Proof-of-concept exploits were published within hours of disclosure. Container escape variants appeared within days.

How is Dirty Pipe different from Dirty Cow (CVE-2016-5195)?

Both exploit Linux file page cache to allow unprivileged writes to read-only files. Dirty Cow required exploiting a race condition, making it unreliable. Dirty Pipe exploits a logic flaw with no timing dependency, it works on the first attempt, making it substantially easier to exploit reliably.

Does Dirty Pipe affect containers?

Yes. If a container has host filesystem paths bind-mounted, Dirty Pipe exploitation from inside the container can overwrite those host files, enabling container escape. Any Kubernetes or Docker deployment with host bind mounts on an affected kernel version is at risk.

How do I patch CVE-2022-0847?

Update to a patched kernel version: 5.16.11, 5.15.25, or 5.10.102 upstream. Via package manager: Ubuntu (apt-get update && apt-get install linux-image-generic && reboot), Fedora (dnf update kernel && reboot). Verify with uname -r after rebooting.

Does CVE-2022-0847 affect Android devices?

Yes. Android 12 and 12L shipped with Linux kernel 5.10, which contains the vulnerable pipe splice code. Google patched Dirty Pipe in the Android Security Bulletin for March 2022. Android 12 devices running pre-March 2022 security patches remain vulnerable. The attack lets any app with storage read access overwrite read-only files in /data, enabling replacement of system binaries or APKs with malicious versions to achieve root-equivalent access without a separate privilege escalation exploit.

Sources & references

  1. NVD
  2. Max Kellermann Original Disclosure
  3. CISA KEV

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.