Statement on the recent CVE-2022-0185 vulnerability
A vulnerability (CVE-2022-0185) was recently discovered in Linux kernel versions 5.1 and above, and it affects users of Coder. The issue allows unprivileged users to gain root access by exploiting an integer underflow. Coder relies on third-party components that use unprivileged user namespaces for security and isolation. One mitigation is to disable unprivileged user namespaces, but this may interfere with core system functionality. The recommended course is instead to update the Linux kernel on all systems running Coder workspaces as soon as possible. Additionally, workspace process logging can be enabled in Coder version 1.27 to monitor exploit attempts. Ubuntu and Red Hat have released security bulletins for this issue. Users should check their distribution's security bulletins periodically for new vulnerability information and install security patches as soon as they are available.
Company: Coder
Date published: Jan. 21, 2022
Author(s): Cian Johnston
Word count: 315
Language: English
Hacker News points: None found.