== Page cache overwrite with pipes flaw in the Linux Kernel (CVE-2022-0847 aka Dirty Pipe) ==

It was [[https://dirtypipe.cm4all.com/ | discovered]] that readable files could be overwritten at the page cache level, either unintentionally or by a malicious actor. This includes files that the process did not have write access to, files marked immutable, and files on read-only filesystems.

There are no mitigations available, as the flaw involves core kernel code, including the pipe and splice system calls. A kernel upgrade and reboot are necessary.

The specific vulnerability requires the presence of two kernel commits. The first commit reuses new pipe buffers without clearing their flags. The second commit introduces a flag that allows buffers to be merged. The first commit is the one that requires a fix and is present in kernels starting with version 4.9. The second commit is only present in kernels starting with version 5.8. Users of such kernels must upgrade to avoid being vulnerable to the described attack. Abuse of other flags could lead to unintended consequences, but as of now there is no known attack.

==== References ====

 * CM4all report: https://dirtypipe.cm4all.com/

==== Updates ====

Ubuntu users are recommended to update to the latest kernel.
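A check that classifies a running kernel against the affected window described above. This is an added example, not part of the Ubuntu KB page or the CM4all report: it takes only the 4.9 and 5.8 boundaries and the fixed Ubuntu ABI 5.13.0-35 from this page, assumes Ubuntu-style `major.minor.patch-ABI-flavour` release strings, and reports anything it cannot map as unknown rather than guessing.

```python
#!/usr/bin/env python3
"""Classify a kernel release string against the CVE-2022-0847 (Dirty Pipe) window.

Added example; the 4.9 / 5.8 boundaries and the fixed Ubuntu ABI come from the
advisory text, everything else here is an assumption of this script.
"""
import platform
import re

# Upstream boundaries from the advisory: the commit that stops clearing pipe
# buffer flags (4.9) and the commit adding the merge flag (5.8). The described
# attack needs both.
FLAGS_NOT_CLEARED_SINCE = (4, 9)
CAN_MERGE_SINCE = (5, 8)

# Fixed Ubuntu kernel from the package table on this page (21.10 base kernel and
# the 20.04 LTS enablement kernel share the same 5.13.0-35 ABI).
UBUNTU_FIXED_ABI = {"5.13.0": 35}

# Ubuntu release strings look like "5.13.0-35-generic"; the trailing ABI number
# is optional so that non-Ubuntu strings still parse (and end up "unknown").
_KVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_kernel_release(release):
    """'5.13.0-35-generic' -> ((5, 13, 0), 35); ABI is None if not present."""
    m = _KVER.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, abi = m.groups()
    return (int(major), int(minor), int(patch)), (int(abi) if abi else None)


def classify(release):
    """Return 'not-affected', 'flags-only', 'fixed', 'vulnerable' or 'unknown'."""
    (major, minor, patch), abi = parse_kernel_release(release)
    if (major, minor) < FLAGS_NOT_CLEARED_SINCE:
        return "not-affected"   # neither commit present
    if (major, minor) < CAN_MERGE_SINCE:
        return "flags-only"     # first commit only: no known attack, still fix
    fixed_abi = UBUNTU_FIXED_ABI.get(f"{major}.{minor}.{patch}")
    if abi is None or fixed_abi is None:
        return "unknown"        # not one of the Ubuntu kernels listed on this page
    return "fixed" if abi >= fixed_abi else "vulnerable"


if __name__ == "__main__":
    rel = platform.release()
    print(f"{rel}: {classify(rel)}")
```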
The majority of users should ensure that the following kernel packages are installed:

|| '''Ubuntu Release''' || '''Base Kernel''' || '''Enablement Kernel''' ||
|| 21.10 || [[https://launchpad.net/ubuntu/+source/linux/5.13.0-35.40 | linux-image-5.13.0-35-generic 5.13.0-35.40]] || N/A ||
|| 20.04 LTS || N/A || [[https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-35.40~20.04.1 | linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1]] ||
|| 18.04 LTS || N/A || N/A ||
|| 16.04 ESM || N/A || N/A ||
|| 14.04 ESM || N/A || N/A ||

==== Timeline ====

 * 2022 02 28: Received notification of the issue
 * 2022 03 07: Issue became public
 * 2022 03 08: Updated Ubuntu debs became available in [[https://ubuntu.com/security/notices/USN-5317-1 | USN-5317-1]]
 * 2022 03 09: Updated Ubuntu cloud images became available

==== Public Cloud Image updates ====

 * Amazon AWS: 20220308 or newer
 * Windows Azure: 20220308 or newer
 * Google Compute Engine: 20220308 or newer
 * Ubuntu Core Images: 20220308 or newer

Cloud image dailies will start appearing within 4 hours of the USN announcement. At the direction of the security team, the Cloud Image Team will start manually releasing new images to the public cloud.