Mar 14, 2022
Security updates: Linux® kernel vulnerability
A vulnerability called "Dirty Pipe" (CVE-2022-0847) allows users to increase their access via the page cache. Aiven's CISO writes about our mitigating actions.

James Arlen
|RSS FeedChief Information Security Officer at Aiven

On 7th March 2022, we became aware of CVE-2022-0847, also known as "Dirty Pipe". This vulnerability allows an unprivileged local user to write to pages in the page cache backed by read-only files. They could use this to increase their access to the system further by enhancing their privileges.
Current Status
An optional maintenance update will be made available to all customers which will patch them against this issue and can be implemented using the normal maintenance application functions already in use. Over the next 30 days, the optional update will be made mandatory and rolled out to all customers.
Impact on Aiven Services
The Aiven platform does not allow direct interaction with the underlying operating system. Additionally, Aiven’s architecture prevents cross-tenant impact from vulnerabilities such as this.
Our product and infrastructure security teams have reviewed our existing mitigations in context with this particular vulnerability. Furthermore, internal monitoring has been extended to help identify any exploitation attempts.
Further Information
For more information about the vulnerability, see CVE-2022-0847.
Related blogs
Jun 18, 2020
Managing projects just got easier in Aiven
You asked, we listened. You wanted better account management features for larger companies - today, they're available for use!
Michael
Mar 31, 2022
Secure your database access with HashiCorp Vault
Static credentials are a potential security risk. Learn how to setup dynamic credentials for your PostgreSQL® database with Hashicorp Vault.
Dewan
Jan 13, 2023
Aiven for PostgreSQL® now recreates logical replication slots automatically
No more worries about losing your logical replication slots during maintenance or failover - Aiven now recreates them for you! Find out more here.
Auri & Alexander
Subscribe to the Aiven newsletter
All things open source, plus our product updates and news in a monthly newsletter.