Indeni’s response to Dirty Pipe Exploit
Linux has yet another high-severity vulnerability known as Dirty Pipe that was disclosed on March 7, 2022. Dirty Pipe allows an attacker to overwrite arbitrary data in read-only files and can lead to privilege escalation via the injection of code into root processes. Tracked as CVE-2022-0847, the vulnerability affects all Linux machines running Linux Kernel 5.8 and later versions.
Indeni is aware of this issue. The Indeni product is running the ‘enterprise grade’ Ubuntu release 18.04 LTS (Long Term Support), 4.15 kernel which is not vulnerable to CVE-2022-0847.
Security is in our DNA. We take risk and vulnerability in open-source software very seriously. If you have additional questions related to Dirty Pipe, please do not hesitate to contact us.