- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Classification:
attack
Tactic:
Technique:
Detect exploitation of CVE-2022-0847 “Dirty Pipe”. Dirty Pipe is a vulnerability in the Linux kernel which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation.
This detection triggers when the splice()
syscall is made and the PIPE_BUF_FLAG_CAN_MERGE
flag is set. Explanation of the vulnerability and exploitation can be found in the public disclosure.
splice.pipe_exit_flag
is PIPE_BUF_FLAG_CAN_MERGE
.Requires Agent version 7.35 or greater