# CVE-2022-0847

* [Max Kellermann's post](https://dirtypipe.cm4all.com/)

* 5.8 < Vulnerable kernels < 5.10.102
* If a file can be read, it can also be written.
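
A first-pass triage of kernel release strings against the range above, as an added example that is not from the linked post or this page's author. The function names are hypothetical and treating 5.8 itself as affected is an assumption; the bounds are only the two versions listed here, so other stable branches and vendor kernels with backported fixes still need checking against the vendor advisory.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the range this
# page gives (5.8 .. 5.10.102). Treating 5.8 as affected is an assumption.

# Print "major minor patch" for a release such as "5.10.0-11-amd64".
# Missing components default to 0; returns 1 if no version can be read.
parse_release() {
    v=${1%%[!0-9.]*}        # cut at first non-numeric char ("-11-amd64", "+")
    case $v in ''|.*|*..*) return 1 ;; esac
    IFS=. read -r maj min pat _rest <<EOF
$v
EOF
    echo "${maj:-0} ${min:-0} ${pat:-0}"
}

# Return 0 if the triple "$1 $2 $3" is strictly lower than "$4 $5 $6".
version_lt() {
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print "in-range", "out-of-range" or "unparsed" for one release string.
# "out-of-range" only means outside the bounds listed on this page.
dirtypipe_triage() {
    t=$(parse_release "$1") || { echo unparsed; return 0; }
    # Word splitting of $t into three fields is intended here.
    if version_lt $t 5 8 0 || ! version_lt $t 5 10 102; then
        echo out-of-range
    else
        echo in-range
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 5.4.0-100-generic 5.8.0-63-generic 5.10.92-v8+ 5.10.102 "$(uname -r)"; do
    printf '%-22s %s\n' "$r" "$(dirtypipe_triage "$r")"
done
```
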

## Usage

* `splice(2)` moves data between files and through pipes without copying between kernel and user address space
* Anonymous pipe permissions are not checked
    * Read-only permissions on pages do not matter at the pipe level
* `splice(2)` puts file data into the pipe; malicious data written to the same pipe afterwards overwrites the memory page
* The `PIPE_BUF_FLAG_CAN_MERGE` flag has to be set in order to write back to a file
* Works as long as the write begins at an offset from the start of a page