Vulnerability

Linux Dirty Pipe

Updated March 17th 2022

Risk: Critical

CVE: CVE-2022-0847

Affected Version: Linux Kernel 5.8 and later versions up to 5.10.101/5.15.24/5.16.10

Fix Version: 5.16.11, 5.15.25 and 5.10.102

Details

A Linux vulnerability that affects all kernels since 5.8, including Android, has been disclosed by security researcher Max Kellermann. Known as Dirty Pipe, it allows data in read-only files to be overwritten and can lead to privilege escalation through the injection of code into root processes. CVE-2022-0847 “Dirty Pipe” is very similar to the “Dirty COW” vulnerability, which targets the copy-on-write (COW) mechanism in Linux kernel memory. In essence, the flaw turns a read-only mapping into a writable area, and it can be combined with additional exploits to pwn the system.

Action

We suggest applying the latest kernel patches ASAP to remediate this vulnerability. It's also worth noting that vendors and appliance providers may be prone to this vulnerability, which highlights the need to keep an accurate asset inventory to understand the full scope of the issue.
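
To scope an inventory against the affected and fixed versions listed above, kernel release strings can be triaged with a small script. The one below is an added example, not part of the original advisory: the function name dirtypipe_status and its output labels are assumptions, and it treats releases numbered after the 5.16 branch as fixed. It compares upstream version numbers only, so a distribution kernel, which may carry backported changes, still has to be confirmed against the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a kernel release string
# against the CVE-2022-0847 version ranges listed on this page.
# Prints one of: affected, fixed, not-affected, unknown.
dirtypipe_status() {
    rel=${1%%[-+_ ]*}              # drop distro suffix: "-11-amd64", "+deb11" ...
    case $rel in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;            # "5.8" is treated as 5.8.0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # Before 5.8: outside the affected range given in the advisory.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Assumption: releases numbered after the 5.16 branch include the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo fixed; return 0
    fi
    case $minor in
        10) fix=102 ;;
        15) fix=25 ;;
        16) fix=11 ;;
        *)  echo affected; return 0 ;;   # advisory lists no fixed release for this branch
    esac
    if [ "$patch" -ge "$fix" ]; then echo fixed; else echo affected; fi
}

# Classify each release string given as an argument, else the running kernel.
[ "$#" -gt 0 ] || set -- "$(uname -r)"
for r in "$@"; do
    printf '%s\t%s\n' "$r" "$(dirtypipe_status "$r")"
done
```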

Remediation Steps

If you don’t have a patch yet, you can mitigate the problem in the RHEL family with the commands:

# echo 0 > /proc/sys/user/max_user_namespaces

# sudo sysctl --system

And, in the Debian/Ubuntu family with the command:

$ sudo sysctl kernel.unprivileged_userns_clone=0

Reference

  • https://vuldb.com/?id.194333
  • https://dirtypipe.cm4all.com/
  • https://github.com/antx-code/CVE-2022-0847
  • https://access.redhat.com/security/cve/cve-2022-0847
  • https://ubuntu.com/security/CVE-2022-0847
  • https://www.suse.com/security/cve/CVE-2022-0847.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847