CERTVU:243144
Oct 21, 2016 - 12:00 a.m.

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

2016-10-21 00:00:00
www.kb.cert.org

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.879 High
Percentile: 98.6%

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.


Impact

A local, unprivileged attacker can escalate privileges to root.


Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions’ normal update process.
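
As an added example (not part of the original note), the shell function below classifies a kernel release string against the versions named above. The function names and result labels are hypothetical, and treating series newer than 4.8 as fixed is an assumption. Distribution kernels often keep an older base version while carrying a backported patch, so for "below-fix" and "check-vendor" the vendor's advisory decides.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the versions this note names. Function names and result labels
# are hypothetical.

# Print "MAJOR MINOR PATCH" from strings like "4.4.0-45-generic" or "4.8".
kver_fields() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\{0,1\}\([0-9]*\).*/\1 \2 \3/p'
}

# Results:
#   not-affected  older than 2.6.22, the first affected version
#   fixed         at or above the fixed release of its stable series
#   below-fix     in a patched series but older than the fixed release;
#                 vulnerable unless the distribution backported the fix
#   check-vendor  affected range, series not named in the note
#   unparsable    no leading MAJOR.MINOR found
dirtycow_status() {
    set -- $(kver_fields "$1")
    [ "$#" -ge 2 ] || { echo unparsable; return 0; }
    maj=$1; min=$2; pat=${3:-0}
    n=$(( maj * 1000000 + min * 1000 + pat ))

    if [ "$n" -lt 2006022 ]; then echo not-affected; return 0; fi
    case "$maj.$min" in
        4.4) fix=26 ;;
        4.7) fix=9 ;;
        4.8) fix=3 ;;
        *)
            # Assumption: series newer than 4.8 already contain the fix.
            if [ "$n" -gt 4008999 ]; then echo fixed; else echo check-vendor; fi
            return 0 ;;
    esac
    if [ "$pat" -ge "$fix" ]; then echo fixed; else echo below-fix; fi
}

# To classify the running kernel: dirtycow_status "$(uname -r)"
```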


Vendor Information


CentOS Affected

Notified: October 21, 2016 Updated: October 27, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CoreOS Affected

Notified: October 21, 2016 Updated: October 24, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Debian GNU/Linux Affected

Notified: October 21, 2016 Updated: October 24, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc. Affected

Notified: October 21, 2016 Updated: October 21, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

SUSE Linux Affected

Notified: October 21, 2016 Updated: October 24, 2016

Status

Affected

Vendor Statement

SUSE and the openSUSE project are affected by this issue and we have released updates.

<https://www.suse.com/security/cve/CVE-2016-5195.html>

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ubuntu Affected

Notified: October 21, 2016 Updated: October 24, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Arista Networks, Inc. Not Affected

Notified: October 21, 2016 Updated: October 24, 2016

Statement Date: October 24, 2016

Status

Not Affected

Vendor Statement

Arista Network’s software products EOS and Cloud Vision Portal (CVP) are not exploitable by CVE-2016-5195 (Kernel Local Privilege Escalation).

For further information:
<https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026>

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Peplink Not Affected

Updated: November 17, 2016

Statement Date: November 17, 2016

Status

Not Affected

Vendor Statement

Wanting to state that Peplink Pepwave products are not affected by Dirty COW

Our own announcement:
<https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195>

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Arch Linux Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fedora Project Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Gentoo Linux Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Openwall GNU/*/Linux Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Slackware Linux Inc. Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Tizen Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Turbolinux Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

openSUSE project Unknown

Notified: October 21, 2016 Updated: October 21, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References


CVSS Metrics

Group          Score  Vector
Base           6.8    AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal       5.6    E:F/RL:OF/RC:C
Environmental  5.6    CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

Acknowledgements

Red Hat credits Phil Oester with reporting this vulnerability.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2016-5195
Date Public: 2016-10-20
Date First Published:
