New Critical Linux Kernel Vulnerability (Dirty Pipe) Patched Hours After Detection

Earlier today our security team received confirmation about a critical vulnerability in Linux affecting all kernels since 5.8 (CVE-2022-0847). Dubbed The Dirty Pipe, the vulnerability poses an extremely high security risk, allowing attackers to overwrite key website files and to gain full access to servers. Needless to say, that is a huge security threat with a very large scope that allows unprivileged access to root processes and configuration files.

Our security team started working on it immediately after the initial reports. Even though the Linux kernel is a third-party software, at SiteGround we’ve always been proactive, with a dedicated hands-on expert security team instead of waiting for an official patch release. Our kernel specialists developed a custom mitigation which was extensively tested. Once we were certain no other functionalities were affected, the fix was deployed across all our systems and servers, hours after the vulnerability was discovered.

We were among the very first, if not the first host, to successfully write and deploy a patch against this high-risk security threat. At the moment, no SiteGround servers are affected by this vulnerability and there was zero downtime involved in the entire process. Our clients are fully protected and don’t need to make any changes!

author avatar
Hristo Pandjarov

WordPress Initiatives Manager

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Security

Comments ( 5 )

author avatar

Bryan

Mar 13, 2022

Fantastic work SG. Very much appreciate your proactiveness! Could we get an email to advise and not just a notice on the dashboard in future?

Reply
author avatar

Gergana Zhecheva Siteground Team

Mar 14, 2022

We are happy to hear our efforts are appreciated! The security fix deployed on our servers was a precautionary measure that did not require any action from our clients' side. That is why we shared the information only on our blog and inside the Client Area. Yet, we thank you for sharing your suggestion, it will be forwarded to our management for future consideration!

Reply
author avatar

Ian - The Officient

Mar 23, 2022

Hey Guys, great work and thanks from the community for sure. If I could second this request regarding and email - perhaps there could be a developer/tech email subscriber list for these kind of tech updates? Helps us in our marketing of your product to our clients! :)

Reply
author avatar

Gergana Zhecheva Siteground Team

Mar 23, 2022

We are glad to hear our efforts in keeping you safe are appreciated! Your suggestion has been forwarded to our Development Team. Thank you for your feedback!

Reply
author avatar

Stach Redeker

Mar 15, 2022

Well done!

Reply

Start discussion