Vulnerability Alert: Avoiding “Dirty Pipe” CVE-2022-0847 on Docker Engine and Docker Desktop


Mar 16 2022

You might have heard about a new Linux vulnerability that was released last week, CVE-2022-0847, aka “Dirty Pipe”. This vulnerability overwrites supposedly read-only files in the Linux kernel host, which could enable attackers to modify files inside the host images from the container instance.

If you use Docker Engine natively, we recommend you should update your Linux OS to a version that has patched the vulnerability, e.g. Linux 5.16.11, 5.15.25, and 5.10.102. 

For those of you using Docker Desktop, we recently released a patch of our own for Mac and for Windows.

To read more about the vulnerability itself, the blog by Max Kellerman provides the details and the blog by Rory McKune shows how this vulnerability could be exploited on containers. 

Feedback

0 thoughts on "Vulnerability Alert: Avoiding “Dirty Pipe” CVE-2022-0847 on Docker Engine and Docker Desktop"

DockerCon 2022

With over 50 sessions for developers by developers, watch the latest developer news, trends, and announcements from DockerCon 2022. From the keynote to product demos to technical breakout sessions, hacks, and tips & tricks, there’s something for everyone.

Watch Now