Dirty Pipeline CVE and Debian 11 VPS

I have been reading about the Linux kernel Dirty Pipeline CVE, which is a privilege escalation for an untrusted user on a VPS.

https://dirtypipe.cm4all.com/

The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

I have Debian 11 VPS. Debian 11 runs kernel 5.10. So it is affected.

Upgraded linux-image packages have hit bullseye-security (in my case, linux-image-5.10.0-11-amd64, version 5.10.92-2, with a date-stamp of 2022-02-28).

However, if I have no untrusted users on my VPS, do I really need to update the kernel?

Will updating the kernel cause problems for my Hestia CP?

Will I need to restart the VPS for the kernel update to take effect?

Thanks for your advice in this matter.

Yes, doesn't matter if you trust them or not, a hacked user will lead to privilege escalation.

no

yes

Thank you. I will update the kernel and restart the server and hope that everything works.

It will for sure, you should anyway do it from time to time.

Is there such a thing as a trusted user ?!?! :smiley:
Whenever I see a kernel update, I schedule the restart so that the new kernel takes over. Though there are services like KernelCare that do live kernel updating, if you really need ultra high availability.

Yes you …
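A check that ties together the fixed versions in the first post and the reboot answer, added here as an example and not part of the thread. It compares a kernel with the fixed upstream release of its branch, and separately reads the Debian package version out of `uname -v`, because the bullseye-security package `5.10.92-2` named in the post looks older than 5.10.102 by upstream number and by its `5.10.0-11-amd64` ABI name. The function names and the `uname -v` string format are assumptions.

```shell
#!/bin/sh
# Added example. Fixed upstream releases and the bullseye-security package
# version are taken from the first post; everything else is an assumption.
FIXED_UPSTREAM="5.16.11 5.15.25 5.10.102"
FIXED_BULLSEYE="5.10.92-2"

# ver_ge A B: succeeds when A >= B under GNU `sort -V` ordering. On a Debian
# host, `dpkg --compare-versions A ge B` is the authoritative comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# upstream_status VERSION: compare a mainline/stable version with the fixed
# release of the same branch. Prints fixed, vulnerable or unknown.
upstream_status() {
    v=${1%%-*}          # 5.10.0-11-amd64 -> 5.10.0
    branch=${v%.*}      # 5.10.0 -> 5.10
    for f in $FIXED_UPSTREAM; do
        if [ "${f%.*}" = "$branch" ]; then
            if ver_ge "$v" "$f"; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown        # branch not listed in the post
}

# debian_pkg_version "UNAME_V": pull the package version out of a string such
# as "#1 SMP Debian 5.10.92-2 (2022-02-28)"; empty if not a Debian kernel.
debian_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# debian_status "UNAME_V": status of a bullseye (5.10 series) kernel.
debian_status() {
    pkg=$(debian_pkg_version "$1")
    case $pkg in
        '')     echo not-debian ;;
        5.10.*) if ver_ge "$pkg" "$FIXED_BULLSEYE"; then echo fixed
                else echo vulnerable; fi ;;
        *)      echo other-branch ;;   # e.g. a backports kernel: check its advisory
    esac
}

# Report on the kernel that is running now, not the one that is merely installed.
echo "uname -r $(uname -r): upstream comparison says $(upstream_status "$(uname -r)")"
echo "uname -v package check says $(debian_status "$(uname -v)")"
```

Run it before and after the reboot: the package check only changes to `fixed` once the new kernel is the one actually booted.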
