CloudLinux has patched the “Dirty Pipes” vulnerability

The critical vulnerability CVE-2022-0847 affecting Linux kernels starting from 5.8 has been addressed by CloudLinux.

Also known as “Dirty Pipes”, it allows an unprivileged user to overwrite read-only files including SUID files. If exploited, it can greatly affect confidentiality, integrity, and availability.
You can find more information about it in this TuxCare blog post.

To make your kernel secure and avoid exploitation, update to the latest kernel version. It is available from the beta and from the rollout.

Changelog

kernel-4.18.0-348.12.2.lve.1.el8.x86_64

kernel-4.18.0-348.12.2.lve.1.el7h.x86_64

  • CLKRN-923: CVE-2022-0847: lib/iov_iter: initialize "flags" in new pipe_buffer

Beta

CloudLinux OS 8:

yum install kernel-4.18.0-348.12.2.lve.1.el8.x86_64 --enablerepo=cloudlinux-updates-testing

CloudLinux OS 7 hybrid:

yum install kernel-4.18.0-348.12.2.lve.1.el7h.x86_64 --enablerepo=cl7h_beta

Rollout

Rollout slot: 6

Rolled out to: 1

ETA for 100% rollout: one week

Update

CloudLinux OS 8:

yum install kernel-4.18.0-348.12.2.lve.1.el8.x86_64

CloudLinux OS 7 hybrid:

yum install kernel-4.18.0-348.12.2.lve.1.el7h.x86_64

Immediate update (via bypass)

CloudLinux OS 8:

yum install kernel-4.18.0-348.12.2.lve.1.el8.x86_64 --enablerepo=cloudlinux-rollout-6-bypass

CloudLinux OS 7 hybrid:

yum install kernel-4.18.0-348.12.2.lve.1.el7h.x86_64 --enablerepo=cloudlinux-rollout-6-bypass
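
A newly installed kernel package is not the running kernel until the host boots into it, so after any of the install commands above it is worth comparing the running release with the fixed builds from the changelog. The script below is an added example, not CloudLinux tooling: the helper names ver_ge and kernel_status are hypothetical, and it assumes GNU `sort -V` orders these release strings the way RPM does.

```sh
#!/bin/sh
# Added example: fixed builds copied from the changelog on this page.
FIXED_EL8="4.18.0-348.12.2.lve.1.el8.x86_64"
FIXED_EL7H="4.18.0-348.12.2.lve.1.el7h.x86_64"

# ver_ge A B: true when A sorts at or after B under GNU `sort -V`.
# Assumption: sort -V approximates RPM version ordering for these strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# kernel_status RUNNING [INSTALLED...]  (hypothetical helper)
# Prints one of: patched, reboot-needed, below-fixed, unknown-dist.
kernel_status() {
    running=$1
    shift
    # Pick the fixed build that matches the running kernel's dist tag.
    case $running in
        *.el8.*)  fixed=$FIXED_EL8 ;;
        *.el7h.*) fixed=$FIXED_EL7H ;;
        *) echo unknown-dist; return 0 ;;
    esac
    if ver_ge "$running" "$fixed"; then
        echo patched
        return 0
    fi
    # Running kernel is older: is a fixed build installed but not booted?
    for k in "$@"; do
        if ver_ge "$k" "$fixed"; then
            echo reboot-needed
            return 0
        fi
    done
    echo below-fixed
}

# Live check, run only when the script is called with the argument "live".
if [ "${1:-}" = "live" ]; then
    kernel_status "$(uname -r)" \
        $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
fi
```

A result of reboot-needed means the fixed package is on disk while an older kernel is still running.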
