14
April 2022
Dirty Pipe Vulnerability (CVE-2022-0847)
Mark Warren
Osirium Products are not affected by "Dirty Pipe"
In short: Osirium products are not affected by the so-called "Dirty Pipe" vulnerability.
The longer version: CVE-2022-0847 was published recently, describing an arbitrary file write vulnerability in Linux kernel versions later than 5.8. Potentially, it allows an unprivileged process to corrupt read-only files and has become known as the "Dirty Pipe" vulnerability.
After a detailed review, Osirium can confirm that the PPA and PEM virtual appliances do not include the affected Linux kernel. Osirium PAM is affected; however, unprivileged access is impossible for the PAM virtual appliance, so the vulnerability is not exposed.
The PAM virtual appliance will be updated with the necessary patches to address the vulnerability for complete protection. We recommend that all Osirium customers update their systems when the new version is released.
If you'd like any more information, don't hesitate to contact Osirium Support.