Aiven Blog

Mar 14, 2022

Security updates: Linux® kernel vulnerability

A vulnerability called "Dirty Pipe" (CVE-2022-0847) allows users to increase their access via the page cache. Aiven's CISO writes about our mitigating actions.

James Arlen

Chief Information Security Officer at Aiven

On 7th March 2022, we became aware of CVE-2022-0847, also known as "Dirty Pipe". This vulnerability allows an unprivileged local user to write to pages in the page cache backed by read-only files. Such a user could use this to escalate their privileges and gain further access to the system.

Current Status

An optional maintenance update that patches this issue will be made available to all customers. It can be applied using the normal maintenance application functions already in use. Over the next 30 days, the optional update will be made mandatory and rolled out to all customers.

Impact on Aiven Services

The Aiven platform does not allow direct interaction with the underlying operating system. Additionally, Aiven’s architecture prevents cross-tenant impact from vulnerabilities such as this.

Our product and infrastructure security teams have reviewed our existing mitigations in the context of this particular vulnerability. Furthermore, internal monitoring has been extended to help identify any exploitation attempts.

Further Information

For more information about the vulnerability, see CVE-2022-0847.

