We were once newcomers to the security research field and one of the most annoying problems we ran across was how to get a CVE published. After all, what good is it to find a juicy vulnerability if you can’t get the word out to others? So, as a resource to help our fellow researchers, we decided to put together a CVE publishing guide based on our experience, and honestly a lot of good old trial and error.

The situation with Dirty Pipe is rapidly evolving. We will update the information in this blog as it is released publicly. On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8.

Read also: Rompetrol hit by Hive ransomware, Mozilla fixes Firefox zero-days, and more.

Recently, CVE-2022-0847 was created detailing a flaw in the Linux kernel that can be exploited allowing any process to modify files regardless of their permission settings or ownership. The vulnerability has been named “Dirty Pipe” by the security community due to its similarity to “Dirty COW”, a privilege escalation vulnerability reported in CVE-2016-5195, and because the flaw exists in the kernel pipeline implementation.

Right on the heels of CVE-2022-4092, another local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” by the discoverer. MITRE has designated this as CVE-2022-0847. Similar to the “Dirty COW” exploit (CVE-2016-5195), this flaw abuses how the Kernel manages pages in pipes and impacts the latest versions of Linux.

Just days after Russia launched its invasion against the people of Ukraine, news reports emerged of several cyberattacks. Deployed systematically ahead of the land invasion, Russian cyberattacks against Ukraine have rendered Ukrainian banks, government departments and other core services unavailable through the use of sophisticated ‘data wipers