Note: lists.openchainproject.org will be down for maintenance on Monday, September 26th, starting at 9AM Pacific Time (4PM Monday September 26, 2022 UTC), for approximately one hour.
Open source security concern: Linux escalation issue “Dirty Pipe”
As many of you know, we have been covering more security issues here in OpenChain in recent times. This is largely due to demand by our audience. During our last security webinar it was flagged that the current global environment may lead to an increase in the number and intensive of vulnerabilities discovered.
An issue has been found in the Linux kernel (and therefore many Android devices as well as servers) that allows escalation to root. This allows full control over devices. It is regarded as one of the most severe security issues around the kernel in the last half decade or so. It may be worth talking to your security teams to see how they are solving in, and with your supply chain teams to see how they are ensuring suppliers are doing the same.
Issue tag: CVE-2022-0847
Linux has been bitten by its most high-severity vulnerability in years:
OpenChain General Manager
Book a meeting: