CVE-2022-0847: Linux kernel: overwriting read-only files #2829
Labels
Comments
|
Since AKS uses Ubuntu for the node images, does this apply? |
|
@epierotto this CVE applies to 20.04 essentially, 18.04 running on the 5.4 tree is not affected. |
|
Action required from @Azure/aks-pm |
|
Issue needing attention of @Azure/aks-leads |
CocoWang-wql
added
the
resolution/answer-provided
ghost
removed
action-required
Needs Attention 👋
|
Thanks for reaching out. I'm closing this issue as it was marked with "Answer Provided" and it hasn't had activity for 2 days. |
ghost
locked as resolved and limited conversation to collaborators
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
A new vulnerability in the Linux kernel since
version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due
to uninitialized variables. It enables anybody to write arbitrary
data to arbitrary files, even if the file is O_RDONLY, immutable or on
a MS_RDONLY filesystem. It can be used to inject code into arbitrary
processes.
It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit.
The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
https://www.openwall.com/lists/oss-security/2022/03/07/1
AKS Information:
AKS is not impacted by this vulnerability as it was introduced in the 5.8 tree, and AKS uses the 5.4 tree.
The text was updated successfully, but these errors were encountered: