Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

k2U79!KvW9AXpwAc

Members
  • Joined

  1. Thanks so much for that 🙏🏼 CA is amazing - really makes Unraid, and thus my homelab, useful for me. My big worry about a vulnerability like this is that it makes me hesitant to load new stuff in CA. Would a dockerized app be able to exploit this vulnerability? I expect a VM would isolate the exploit, but since containers share the host kernel, the vulnerability may be passed through as well.
  2. I would be delighted if that was the case. I may be inaccurate describing this purely as a privilege escalation vulnerability. It allows an attacker with access to an unprivileged user (all the way down to "nobody") to "to overwrite any file contents cached in memory. Dirty Pipe can do this even if the file is not permitted to be written." Researchers have demonstrated that this vulnerability can be used to: add an SSH key to the root user's account link hijack an SUID binary to create a root shell link overwrite data in read-only files link I don't have sufficient depth on Unraid's architecture to know whether defense in depth strategies will mitigate this. I just saw that it's a kernel level vulnerability and we're running an effected kernel version.
  3. The Slackware 15.0 release notes say they're on Kernel 5.15.19, so that's vulnerable too. I cannot find any mention of this CVE on the Slackware security advisories.
  4. Search shows zero mentions of CVE-2022-0847 on the forums, so I'm starting a new thread. This is a privilege escalation vulnerability introduced in Linux Kernel 5.8. It is fixed in 5.16.11, 5.15.25, and 5.10.102. Unraid OS 6.9.2 runs Kernel 5.10.28, so the current release of Unraid is vulnerable. Can we get a patch for this? Resources https://dirtypipe.cm4all.com/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847 https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.