Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Critical Kernel Bug: The Dirty Pipe Vulnerability

Critical Kernel Bug: The Dirty Pipe Vulnerability

Scheduled Pinned Locked Moved Support
securitykernel
2 Posts 2 Posters 604 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • njN Offline
      njN Offline
      nj
      wrote on last edited by girish
      #1

      I recently came across this post https://dirtypipe.cm4all.com/. Looks like everyone needs to look at this. What can be done to update the Kernel version, @girish @nebulon ?

      Timeline

      • 2021-04-29: first support ticket about file corruption

      • 2022-02-19: file corruption problem identified as Linux kernel bug, which turned out to be an exploitable vulnerability

      • 2022-02-20: bug report, exploit and patch sent to the Linux kernel security team

      • 2022-02-21: bug reproduced on Google Pixel 6; bug report sent to the Android Security Team

      • 2022-02-21: patch sent to LKML (without vulnerability details) as suggested by Linus Torvalds, Willy Tarreau and Al Viro

      • 2022-02-23: Linux stable releases with my bug fix (5.16.11, 5.15.25, 5.10.102)

      • 2022-02-24: Google merges my bug fix into the Android kernel

      • 2022-02-28: notified the linux-distros mailing list

      • 2022-03-07: public disclosure

      Founder / Coder • My Apps

      nebulonN 1 Reply Last reply
      1
      • njN nj

        I recently came across this post https://dirtypipe.cm4all.com/. Looks like everyone needs to look at this. What can be done to update the Kernel version, @girish @nebulon ?

        Timeline

        • 2021-04-29: first support ticket about file corruption

        • 2022-02-19: file corruption problem identified as Linux kernel bug, which turned out to be an exploitable vulnerability

        • 2022-02-20: bug report, exploit and patch sent to the Linux kernel security team

        • 2022-02-21: bug reproduced on Google Pixel 6; bug report sent to the Android Security Team

        • 2022-02-21: patch sent to LKML (without vulnerability details) as suggested by Linus Torvalds, Willy Tarreau and Al Viro

        • 2022-02-23: Linux stable releases with my bug fix (5.16.11, 5.15.25, 5.10.102)

        • 2022-02-24: Google merges my bug fix into the Android kernel

        • 2022-02-28: notified the linux-distros mailing list

        • 2022-03-07: public disclosure

        nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        @nj Cloudro relies on Ubuntu LTS versions and security updates are enabled automatically (independent from Cloudron releases). So once the ubuntu securty team updates the kernels, all Cloudrons will get is as well. Since this is a kernel issue, you will likely see some "reboot required" notification in your Cloudron dashboard afterwards.

        1 Reply Last reply
        3
        Reply
        • Reply as topic
        Log in to reply
        • Oldest to Newest
        • Newest to Oldest
        • Most Votes


          • Login

          • Don't have an account? Register

          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search