Exploit for Improper Initialization in Linux Linux_Kernel CVE-2022-0847

Name: Exploit for Improper Initialization in Linux Linux_Kernel CVE-2022-0847
Rating: 5 (56 reviews)
2025-01-07 | CVSS 7.8
## https://sploitus.com/exploit?id=00370432-5330-5793-A38C-1BE57735505D
# Dirty Pipe Deployment
  For this challenge, you want to overwrtie the "cat.txt" read-only file using CVE-2022-0847 exploit
  There are many way to do it using the exploit
## Dependencies

- Linux Kernel Version 5.8 or later (vulnerable)
- gcc (GNU Compiler Collection) for compiling the exploit code

## First-Time Setup

1. **Set Up a Vulnerable Environment:**
  - For Linux Users:
      - Use a Linux distribution with Kernel version 5.8 or newer, but below the patched versions:
      - Patched versions include 5.16.11, 5.15.25, and 5.10.102.
      - Verify the kernel version on your system by running:
        uname -r
      - If your kernel is already patched, you may need to downgrade or use a different Linux installation to match the vulnerable criteria.
  - For Windows Users:
    - Install a Virtual Machine:
      - Download and install a virtual machine like Oracle VM VirtualBox or VMware.
    - Download a Vulnerable Linux Distribution:
      - Visit the Kali Linux Archives to download an older version of Kali Linux.
      - Suggested versions include any release with a 5.8 - 5.15 kernel (e.g., Kali 2021.1).
    - Alternatively, other Linux distributions with matching kernel versions will work (e.g., older versions of Ubuntu or Debian).
  - Set Up the VM:
    - Create a new virtual machine in VirtualBox:
    - Allocate at least 2 GB RAM and 10 GB disk space.
    - Use the downloaded ISO file to install the Linux distribution.
    - After installation, confirm the kernel version by running:
      uname -r
  - Install Required Tools:
    - After setting up the environment, ensure that the following tools are installed:
      - gcc: Required for compiling the exploit code.
      - make: For building projects if needed.
      - Update your package manager and install tools:
         sudo apt update
         sudo apt install gcc make -y
     
    

## Starting up the Challenge
1. **Start:**
  Make sure to check the kernel version! 
  Using this github link(https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker.git)

  Check file `cat.txt` is read-only file

  The limitations are:
  the attacker must have read permissions (because it needs to splice() a page into a pipe)
  the offset must not be on a page boundary (because at least one byte of that page must have been spliced into the pipe)
  the write cannot cross a page boundary (because a new anonymous buffer would be created for the rest)
  the file cannot be resized (because the pipe has its own page fill management and does not tell the page cache how much data has been appended)

2. **Deploy the Exploit:**
  - Create a pipe.

  - Fill the pipe with arbitrary data (to set the PIPE_BUF_FLAG_CAN_MERGE flag in all ring entries).

  - Drain the pipe (leaving the flag set in all struct pipe_buffer instances on the struct pipe_inode_info ring).

  -  Splice data from the target file (opened with O_RDONLY) into the pipe from just before the target offset.

  - Write arbitrary data into the pipe; this data will overwrite the cached file page instead of creating a new anomyous struct pipe_buffer because PIPE_BUF_FLAG_CAN_MERGE is set.

  - Overwrite the `cat.txt`, change the 
    `I'm a cat`
    `1444`
    to
    `I'm a dog`
    `2025`
  - Use check_cat.sh to check if it work or not
  chmod +x check_cat.sh
  ./check_cat.sh

## Challenge Regeneration
  Use following 
  chmod +x cat_generate.sh
  ./cat_generate.sh


## Publishing the Challenge

Hints are in `hints.txt`