/plushcap/analysis/aiven/security-updates-linux-kernel-vulnerability

Security updates: Linux® kernel vulnerability

What's this blog post about?

On March 7th, 2022, a vulnerability called "Dirty Pipe" (CVE-2022-0847) was discovered, which allows unprivileged local users to write to pages in the page cache backed by read-only files. This could potentially increase their access and enhance their privileges within the system. Aiven's CISO has outlined mitigating actions taken against this vulnerability, including an optional maintenance update for all customers that will be made mandatory over the next 30 days. The Aiven platform does not allow direct interaction with the underlying operating system, and its architecture prevents cross-tenant impact from such vulnerabilities. Additionally, internal monitoring has been extended to help identify any exploitation attempts.

Company
Aiven

Date published
March 14, 2022

Author(s)
James Arlen

Word count
529

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.