KernelCare Enterprise Archives - TuxCare

Checking the Status of KernelCare Enterprise Patches

TuxCare’s KernelCare Enterprise provides live patches for various enterprise-grade Linux distributions. Preparing patches for each new CVE has to account for each of those distributions’ particular quirks and configurations, so the release timing for each may be slightly different. Let’s look at the whole process and how you can follow along with current development.

IT Automation With Live Patching

In a symphony orchestra, instruments harmonize to create one pleasing sound. Similarly, enterprise IT procedures orchestrate to introduce new systems to production, monitoring, and maintenance processes. IT automation with kernel live patching ensures this beautiful music sounds the same every time and never stops.

“Dirty Pipes” in the Kernel

A few years ago, a vulnerability dubbed “Dirty Cow” (CVE-2016-5195) was in the spotlight for a while. It was a trivially exploitable privilege escalation path that affected basically any Linux distribution and was exploited in the wild extensively. That vulnerability abused the Kernel’s Copy-On-Write (COW) mechanism and was, some time later, found to be remotely exploitable through web servers that allowed file uploads.

On the 7th of March of 2022, a similar vulnerability was disclosed, also affecting all recent Linux distributions, nicknamed “Dirty Pipe” (CVE-2022-0847). It lets an unprivileged user overwrite any file, or part of a file, in a Linux system, even read-only ones. Several variants have already been disclosed that allow for the replacement of SUID files.

Patches for CVE-2022-0847 will be made available through KernelCare in the coming days, and this post will be updated with availability information as each becomes ready. At this moment, vulnerable kernel versions include 5.8 and onwards, with the flawed commit having been backported to multiple 4.x versions as well.

[Update 9th March: Updates for RHEL 8 and Oracle EL 8 are now available for deployment. Further patches are being prepared for other distributions.

Update 10th March: Updates for CentOS8, Almalinux 8, Rocky Linux, Ubuntu 20.04, CloudLinux 8 and CloudLinux 7h are also completed and are going to show up on feeds.

Update 11th March: Another batch of updates released for Ubuntu 18.04, Proxmox VE5 and Proxmox VE6.]

To understand the underlying flaw behind CVE-2022-0847, it is important that we first offer some brief information regarding CVE-2016-5195. “Dirty Cow” was possible because a race condition was found in the Copy-On-Write subsystem within the kernel. As a result, an unprivileged user could write in otherwise unreachable memory locations through this flaw. This would “dirty” those memory locations, hence the name. Moving from this to an elevation of privilege is a trivial operation for any properly motivated malicious actor, and in fact, that is precisely what happened. While “Dirty Cow” started as a local-only exploit, it was soon discovered that web servers that had the option to accept uploads from users could also be used as an attack vector. Hence, the vulnerability turned out to be remotely exploitable.

Fast forward a few years, and now IT teams are faced with “Dirty Pipe”, or CVE-2022-0847 if you think nicknaming vulnerabilities is not a very professional thing to do. As the name suggests, the flaw this time lies in the pipe handling code. Pipes are used as a way to pass information between processes. The most visible way pipes are used is when chaining commands, passing the output from one to the next through a “pipe”. Note that pipes can be created directly in code rather than simply used in the shell by an end-user or script.

It turns out that code introduced in this commit to the Linux Kernel “refactored” the way pipe flags (a way to control pipe behavior) are handled. You can read the extensive process behind the discovery of this vulnerability here.

Long story short, it became possible to write user-controlled content at a user-controlled location in any file within the system (note that, since everything in a Linux system is technically a “file”, new variants of this vulnerability may introduce new, as-of-yet unknown behaviors). Examples include introducing new content into /etc/shadow, or other, more subtle, ways of manipulating a system.

Since the exploit code is trivial, it is already widely available online (while not a deterrent, we try to refrain from posting direct links to exploit code on our blog). Because pipes are a basic functionality of the Kernel, the potential risk posed by this vulnerability is very high. It is also noteworthy that several variants have already been found, where the same flaw is used to abuse other system components rather than just writing directly to otherwise unwritable files. It is not that far-fetched to imagine that remotely exploitable attack vectors will surface in the coming days, just like they appeared for “Dirty Cow” in 2016.

For a quick check, customers might want to verify the kernel version in use. Kernels before 5.8, and kernels starting with 5.16.11, 5.15.25 and 5.10.102, are not affected. Other Kernel versions may depend on specific backporting policies by each vendor and are currently being evaluated.
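A first-pass version check along these lines, as an added example rather than TuxCare's own tooling; the function name `dirtypipe_status` and its result labels are assumptions made here. It compares the upstream version number only, so a vendor kernel still has to be checked against the vendor's advisory.

```shell
#!/bin/sh
# Compare a kernel release string with the upstream thresholds quoted above.
# Result names are chosen for this example:
#   upstream-unaffected  version number predates 5.8
#   upstream-fixed       5.10.102+, 5.15.25+, 5.16.11+, or a later series
#   upstream-vulnerable  5.8 or later without a listed fix; check the vendor advisory
#   unknown              release string could not be parsed
# Vendor kernels can carry backports, so the number alone is only a first check.
dirtypipe_status() {
    rel=${1:-$(uname -r)}
    base=${rel%%[!0-9.]*}            # 5.15.0-91-generic -> 5.15.0
    old_ifs=$IFS; IFS=.
    set -- $base                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-} minor=${2:-} patch=${3:-0}
    case "$major:$minor:$patch" in
        *[!0-9:]*|:*|*::*|*:) echo unknown; return 0 ;;
    esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo upstream-unaffected; return 0
    fi
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo upstream-fixed; return 0
    fi
    case $minor in                   # stable series with a fixed release named above
        10) fixed_from=102 ;;
        15) fixed_from=25 ;;
        16) fixed_from=11 ;;
        *)  echo upstream-vulnerable; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed_from" ]; then
        echo upstream-fixed
    else
        echo upstream-vulnerable
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 4.19.200 5.10.101 5.10.102 5.13.0-30-generic 5.15.25 5.16.10 5.17.1; do
    printf '%-20s %s\n' "$r" "$(dirtypipe_status "$r")"
done
printf '%-20s %s\n' "$(uname -r)" "$(dirtypipe_status)"
```

A live-patched kernel keeps reporting the booted release in `uname -r`, so this check describes the booted kernel and not whether a live patch has been applied.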

Updates for RHEL 8, Oracle EL 8, CentOS8, Almalinux 8, Rocky Linux, Ubuntu 18.04, Ubuntu 20.04, Proxmox VE5, Proxmox VE6, CloudLinux 8 and CloudLinux 7h are now available for deployment through KernelCare Enterprise. Further patches are being prepared for other distributions. IT teams are strongly encouraged to patch this vulnerability as soon as possible. TuxCare’s patches for KernelCare Enterprise will be made available shortly, and this post will be updated to reflect the actual availability of these patches when each is released.

TuxCare’s KernelCare Enterprise is providing live patches for “Dirty Pipe” even when the original distribution vendor is not able to do so with their own live patching solution.

Through KernelCare Enterprise, receiving patches for this and other vulnerabilities can be done without disrupting running workloads or having to reboot systems. If you would like to know more about KernelCare Enterprise and other TuxCare products, please check here.

Key points to consider during your 7 days of KernelCare Enterprise POV

Proof of value (POV) is a key step in the buying process. It allows tech teams to test a product or service to find out whether it is fit for purpose, and a good match for the team’s needs. That’s why KernelCare offers a free seven-day period where you can test KernelCare for yourself.

It’s nonetheless a limited time period, and you need to make the best of it. In this article we outline some of the points you should think about when you try out KernelCare Enterprise in your organization.

How to Negotiate the Purchase of a New IT Tool – 5 Steps to Success

The new year is finally upon us and with that comes the task of taking a careful examination of our IT practices over the previous years, establishing the areas that require improvement, and formulating a plan to tackle any unresolved issues via the purchase or acquisition of new IT tools. 2020 was a year unlike any other and nearly all industries were faced with considerable challenges that called for rapid adaptation, and the IT field was no exception.

The Best Practices for Cyber-resiliency in an Enterprise World

In the face of adversity, your enterprise’s ability to continue with business, even in a degraded mode, heavily depends on the resiliency of its cyber systems.

Take Part In The KernelCare Survey To Win A CKA Certification

Participate in the KernelCare Survey to share your thoughts on the state of Enterprise vulnerability detection and patch management operations in your organization for a chance to win one of five Certified Kubernetes Administrator (CKA) Certifications from the Cloud Native Computing Foundation.

IT Compliance tools for the Enterprise (Banks, Insurance, Healthcare)

Organizations that operate in the enterprise space – healthcare, insurance, banks, etc. – have unique and challenging cybersecurity compliance obligations. Enterprise data is, after all, frequently targeted.

How KernelCare Works to Keep You FedRAMP Compliant

Keeping servers safe, secure and compliant becomes a full-time job, one that can’t be left to chance, one that must be fully automated and fully supported. To do that, you need a live patching tool that integrates with automation tools and vulnerability scanners, one that is supported with the latest patches, one that lets you decide what patches are rolled out across your organization, and one that runs inside the firewall. A live patching solution not only makes software updates easier, but it also keeps you compliant with two sections of FedRAMP requirements, including flaw remediation (SI-2) and malicious code protection (SI-3) of Security and Privacy Controls for Information Systems and Organizations.
