Dirty Pipeline CVE and Debian 11 VPS

I have been reading about the Linux kernel Dirty Pipeline CVE which is a privelege escalation for an untrusted user on a VPS.


The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

I have Debian 11 VPS. Debian 11 runs kernel 5.10. So it is affected.

Upgraded linux-image packages have hit bullseye-security (in my case, linux-image-5.10.0-11-amd64, version 5.10.92-2, with a date-stamp of 2022-02-28).

However, if I have no untrusted users on my VPS, do I really need to update the kernel?

Will updating the kernel cause problems for my Hestia CP?

Will I need to restart the VPS for the kernel update to take effect?

Thanks for your advice in this matter.

yes, doesnt matter if you trust them or not, a hacked user will lead into privilege escalation.



Thank you. I will update the kernel and restart the server and hope that everything works.

It will for sure, you should anyway do it from time to time.

Is there such a thing as a trusted user ?!?! :smiley:
Whenever I see a kernel update, I schedule the restart so that the new kernel takes over. Though there are services like KernelCare that do live kernel updating, if you really need ultra high availability.

Yes you …

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.