CVE-2022-0847: Dirty Pipe Linux Kernel Vulnerability Explained and How to Fix It
A flaw in Linux kernel pipe buffer flag handling that lets any unprivileged local user overwrite read-only files — including SUID binaries — and achieve root without a race condition. Kernels 5.8 through 5.16.10 affected.
CVE-2022-0847, named Dirty Pipe by its discoverer Max Kellermann of CM4all, is a Linux kernel vulnerability disclosed March 7, 2022 that allows any unprivileged local user to overwrite the contents of arbitrary read-only files — including SUID root binaries — and achieve full root privilege escalation. The vulnerability was compared immediately to the 2016 Dirty Cow flaw (CVE-2016-5195) due to its similar impact of allowing unprivileged writes to read-only files, but Dirty Pipe is substantially easier to exploit: it requires no race condition and succeeds deterministically.
Affected kernels span versions 5.8 through 5.16.10, 5.15.25, and 5.10.102 — introduced with the pipe buffer splice optimization in kernel 5.8. Android devices running kernel 5.8 or later were also affected, with working root exploits for flagship Android devices published within weeks of disclosure.
How Dirty Pipe Works: Uninitialized Pipe Buffer Flags
Linux pipes use ring buffers of memory pages. When data is spliced from a file into a pipe using the splice() syscall, the kernel adds a reference to the file's page cache into the pipe buffer. Each pipe buffer entry carries a flags field. The PIPE_BUF_FLAG_CAN_MERGE flag indicates that subsequent writes to the pipe can be merged into the existing page rather than allocated to a new one.
The bug: after a splice() call, the pipe buffer entry's flags field is not zeroed — it may retain PIPE_BUF_FLAG_CAN_MERGE from a previous operation. If that flag remains set, the next write() call to the pipe merges data directly into the existing page — which is the file's page cache page backed by the read-only file on disk. The attacker: (1) fills and drains the pipe to ensure CAN_MERGE is set on all entries, (2) splices from a target read-only file into the pipe, (3) writes malicious data — which merges into the file's page cache, overwriting its contents. No write permissions to the file are required.
Select a target read-only SUID binary
Identify a SUID root binary such as /usr/bin/passwd. The exploit will overwrite its first bytes with an execve payload that launches a root shell when the binary is invoked.
Fill pipe buffer to set CAN_MERGE on all entries
Create a pipe, write data to fill all pipe buffer entries, then drain the pipe. This ensures all pipe buffer entries have PIPE_BUF_FLAG_CAN_MERGE set from the previous write operations.
Splice from the target read-only file
Use splice() to pull data from the target SUID binary into the pipe at the desired offset. The pipe buffer entry now references the file's page cache page.
Write payload — overwrites the read-only file
Write attacker-controlled content to the pipe. The kernel merges it into the file's page cache page (because CAN_MERGE is set), overwriting the read-only file's content in memory.
Execute the overwritten SUID binary
Invoke the modified SUID binary. It executes the attacker's payload as root, spawning a root shell or executing any arbitrary command with full system privileges.
Container Escape and Android Impact
The Dirty Pipe exploit was adapted quickly for container escape scenarios. If a container has host filesystem paths bind-mounted — a common pattern for sharing configuration files, log directories, or persistent storage — the container process can exploit Dirty Pipe to overwrite files on the host bind-mounted path. By overwriting a host SUID binary or cron script accessible through the bind mount, an attacker inside the container achieves code execution on the host.
Android devices running kernel 5.8 or later were also in scope. Google addressed CVE-2022-0847 in the March 2022 Android Security Bulletin. Independent researchers published working root exploits for multiple Android flagship devices within weeks, demonstrating that the vulnerability was practically exploitable across platforms beyond enterprise Linux servers.
“This bug is quite powerful, and can be exploited in many ways — write to any file, even read-only or immutable files in read-only file systems, as long as you have read access.”
— Max Kellermann, Dirty Pipe discovery writeup, March 2022
Patching and Verifying the Fix
The fix was merged into the Linux kernel in releases 5.16.11, 5.15.25, and 5.10.102. All major distributions released updated kernel packages within days of the March 7, 2022 disclosure.
Update kernel via distribution package manager and reboot
Ubuntu: apt-get update && apt-get install linux-image-generic && reboot. Fedora/RHEL: dnf update kernel && reboot. Arch: pacman -Syu linux && reboot. After rebooting, verify with uname -r that the running kernel is at or above the patched version.
Verify SUID binary integrity after patching
Dirty Pipe does not automatically restore overwritten files. Compare all SUID binaries against known-good hashes or reinstall packages. On RHEL/CentOS: rpm -Va. On Ubuntu/Debian: dpkg --verify. Any binary showing unexpected modification requires package reinstall.
Audit container configurations for host bind mounts
Review all Kubernetes pod specs and Docker compose/run configurations for hostPath mounts. For containers on affected kernel versions that have host filesystem mounts, treat any local code execution in those containers as a potential host escape. Remove unnecessary host bind mounts.
Update Android devices
Apply the March 2022 Android Security Bulletin update from your device manufacturer. On devices without available OEM updates for affected kernel versions, restrict local code execution paths by disabling ADB and limiting app sideloading.
The bottom line
Dirty Pipe demonstrates that the Linux kernel's core inter-process communication primitives — pipes, splice(), page cache — can harbor privilege escalation vulnerabilities just as any other complex subsystem. The fact that the flaw was introduced in a performance optimization in kernel 5.8 and was reliably exploitable within hours of public disclosure highlights the challenge of securing kernel code paths where correctness and security properties interact subtly.
For security teams: the CVSS score of 7.8 understates the practical severity. Any threat actor with a foothold as any user on a Linux host running an affected kernel can root the machine in under a second. Kernel patching is not optional — it must be part of the same urgency framework as application vulnerability patching.
Frequently asked questions
What is CVE-2022-0847 (Dirty Pipe)?
Dirty Pipe is a Linux kernel flaw where pipe buffer entries are not properly initialized after certain splice operations, leaving the PIPE_BUF_FLAG_CAN_MERGE flag set. This allows any local user to write attacker-controlled data into read-only file-backed page cache pages — overwriting files without write permissions.
How serious is Dirty Pipe?
CVSS 7.8 High. Any local user can reliably escalate to root in a single deterministic exploit attempt — no race condition required. Proof-of-concept exploits were published within hours of disclosure. Container escape variants appeared within days.
How is Dirty Pipe different from Dirty Cow (CVE-2016-5195)?
Both exploit Linux file page cache to allow unprivileged writes to read-only files. Dirty Cow required exploiting a race condition, making it unreliable. Dirty Pipe exploits a logic flaw with no timing dependency — it works on the first attempt, making it substantially easier to exploit reliably.
Does Dirty Pipe affect containers?
Yes. If a container has host filesystem paths bind-mounted, Dirty Pipe exploitation from inside the container can overwrite those host files, enabling container escape. Any Kubernetes or Docker deployment with host bind mounts on an affected kernel version is at risk.
How do I patch CVE-2022-0847?
Update to a patched kernel version: 5.16.11, 5.15.25, or 5.10.102 upstream. Via package manager: Ubuntu (apt-get update && apt-get install linux-image-generic && reboot), Fedora (dnf update kernel && reboot). Verify with uname -r after rebooting.
Sources & references
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, weekly, no spam.
Unsubscribe anytime. We never sell your data.
Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals weekly.