Skip to content

Reboot broker and bridge for Dirty Pipe kernel vulnerability (CVE-2022-0847)

Subject: DirtyPipe vulnerability for VPSes - action required
Date: Fri, 11 Mar 2022 13:21:43 +0000

Dear Eclips.is user,

You may have heard of a recent vulnerability in the mainstream Linux Kernel, called the 'Dirty Pipe' vulnerability. This vulnerability may also be present in the kernel you are running on your VPS. The vulnerability means there is a risk that hackers have been able to inject code onto your VPS, but there is no indication that this vulnerability has actually been used to gain access to any of the machines.

In order to fix the vulnerability, updated kernels are available. To switch to this updated kernel, follow the below steps:

  1. Most users are using our default kernel. In this case we supply the kernel, you only have to reboot your VPS to make sure the latest version of the kernel is loaded.
  2. Once you restarted your VPS, you can check to see if you are using the fixed version of the kernel. You can check if the update was successful by running: uname -r If the version is 5.10.104 or newer, you are no longer vulnerable to this exploit.
  3. If you have restarted and the kernel version is still below 5.10.104 you should update your kernel yourself running: 
    apt-get update && apt-get dist-upgrade
    After this update, you will need to reboot your VPS, and you will no longer be vulnerable to this exploit.
  4. (Optional checks) Although we think chances are very slim, there is a theoretical possibility your system has already been compromised over the past days. If you want to make sure this has not happened, you could install debsums (apt install debsums) and run a full check on all installed packages to possibly detect files that were tampered with. You could also consider checking your /root/.ssh/authorized_keys for unknown entries.

Note: Although for most use cases this check will be sufficient, it does not consitute a comprehensive security scan. If you suspect you have been hacked you should (hire someone to) perform a more thorough check.

Please make sure to look into all of your VPSes.

If you are interested in the full story, the reporter of this vulnerability wrote an extensive blogpost on this here: https://dirtypipe.cm4all.com/

Please let us know if you have any remaining questions on this.

Edited by David Fifield