Security updates: Linux® kernel vulnerability
On March 7th, 2022, a vulnerability called "Dirty Pipe" (CVE-2022-0847) was discovered, which allows unprivileged local users to write to pages in the page cache backed by read-only files. This could potentially increase their access and enhance their privileges within the system. Aiven's CISO has outlined mitigating actions taken against this vulnerability, including an optional maintenance update for all customers that will be made mandatory over the next 30 days. The Aiven platform does not allow direct interaction with the underlying operating system, and its architecture prevents cross-tenant impact from such vulnerabilities. Additionally, internal monitoring has been extended to help identify any exploitation attempts.
Company
Aiven
Date published
March 14, 2022
Author(s)
James Arlen
Word count
529
Language
English
Hacker News points
None found.