New Critical Linux Kernel Vulnerability (Dirty Pipe) Patched Hours After Detection
Earlier today our security team received confirmation about a critical vulnerability in Linux affecting all kernels since 5.8 (CVE-2022-0847). Dubbed The Dirty Pipe, the vulnerability poses an extremely high-security risk, allowing attackers to overwrite key website files and gain full access to servers. Needless to say, that is a huge security threat with a very large scope that allows unprivileged access to root processes and configuration files.
Our security team started working on it immediately after the initial reports. Even though the Linux kernel is a third-party software, at SiteGround we’ve always been proactive, with a dedicated hands-on expert security team instead of waiting for an official patch release. Our kernel specialists developed a custom mitigation which was extensively tested. Once we were certain no other functionalities were affected, the fix was deployed across all our systems and servers, hours after the vulnerability was discovered.
We were among the very first, if not the first host, to successfully write and deploy a patch against this high-risk security threat. At the moment, no SiteGround servers are affected by this vulnerability and there was zero downtime involved in the entire process. Our clients are fully protected and don’t need to make any changes!