New Critical Linux Kernel Vulnerability (Dirty Pipe) Patched Hours After Detection
Earlier today our security team received confirmation about a critical vulnerability in Linux affecting all kernels since 5.8 (CVE-2022-0847). Dubbed The Dirty Pipe, the vulnerability poses an extremely high-security risk, allowing attackers to overwrite key website files and gain full access to servers. Needless to say, that is a huge security threat with a very large scope that allows unprivileged access to root processes and configuration files.
Our security team started working on it immediately after the initial reports. Even though the Linux kernel is a third-party software, at SiteGround we’ve always been proactive, with a dedicated hands-on expert security team instead of waiting for an official patch release. Our kernel specialists developed a custom mitigation which was extensively tested. Once we were certain no other functionalities were affected, the fix was deployed across all our systems and servers, hours after the vulnerability was discovered.
We were among the very first, if not the first host, to successfully write and deploy a patch against this high-risk security threat. At the moment, no SiteGround servers are affected by this vulnerability and there was zero downtime involved in the entire process. Our clients are fully protected and don’t need to make any changes!
Comments ( 5 )
Bryan
Fantastic work SG. Very much appreciate your proactiveness! Could we get an email to advise and not just a notice on the dashboard in future?
Gergana Zhecheva Siteground Team
We are happy to hear our efforts are appreciated! The security fix deployed on our servers was a precautionary measure that did not require any action from our clients' side. That is why we shared the information only on our blog and inside the Client Area. Yet, we thank you for sharing your suggestion, it will be forwarded to our management for future consideration!
Ian - The Officient
Hey Guys, great work and thanks from the community for sure. If I could second this request regarding and email - perhaps there could be a developer/tech email subscriber list for these kind of tech updates? Helps us in our marketing of your product to our clients! :)
Gergana Zhecheva Siteground Team
We are glad to hear our efforts in keeping you safe are appreciated! Your suggestion has been forwarded to our Development Team. Thank you for your feedback!
Stach Redeker
Well done!
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
Leave a comment
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through