✓ Solved

When will CVE-2022-0847 be patched in Linode kernels?

CVE-2022-0847 (Dirty Pipe Linux Privilege Escalation) has been addressed in the most recent kernel patches, however it does not appear that the current linode kernels are patched. Is there a timeline for this or should users switch to distro-based kernels to get the security update?


8 Replies

✓ Best Answer

The -linode153 kernel is indeed patched. As of 10 March, this kernel has been promoted to latest.

This should also address whether newer 5.10.x and 5.15.x builds will be released.

We don't have plans at this point to build new 5.10.x or 5.15.x kernels.

This is a good question.
The "Latest 64 bit" is currently 5.16.3-x86_64-linode152 which would have the issue.

But I notice if I select the dropdown in

Linode > Configuration > Edit > Select a kernel

then I can pick 5.16.13-x86_x64-linode153 which should be new enough to have the kernel patch.
I haven't tested it yet, but that might be an option to get it more quickly.

Thanks for pointing that out. The vulnerability was fixed in 5.16.11 so 5.16.13-x86_64-linode153 should be good to go.

I will manually select the newer kernel until the "Latest 64 bit" option is updated.

$ uname -a 
Linux 5.16.13-x86_64-linode153 #1 SMP PREEMPT Tue Mar 8 14:16:05 EST 2022 x86_64 GNU/Linux

How about the 5.10.x line? Can we expect a linode compiled version of 5.10.102?

I temporarily removed the "Accepted Answer" flag to hopefully get clarity on the original question about a release timeline, from Linode Staff if possible. This should also address whether newer 5.10.x and 5.15.x builds will be released.

For reference, 5.16.11/5.15.25/5.10.102 are the versions in which the vulnerability has been fixed.

Why isn't the -linode153 kernel appearing at https://linode.com/kernels ? Not only is it not listed as the Latest, it's not actually there at all.

It appears that -linode153 was built two days ago on March 8, whereas https://www.linode.com/kernels/ was last updated February 8. Perhaps that page could use an automatic update mechanism.

Thanks for giving me the solution. I want to know when will CVE-2022-0847 be patched in Linode kernels and I found my solution over here. I also found a site online in which I found all the information related to the Talktosonic survey and now I don't have to search another website to find it.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct