Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

2016-10-21T00:00:00
ID VU:243144
Type cert
Reporter CERT
Modified 2016-11-17T00:00:00

Description

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.


Impact

A local, unprivileged attacker can escalate privileges to root.


Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.
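
To triage a host or an inventory list against the fixed releases named above, the following added example (not part of the CERT note) classifies a release string as printed by `uname -r`. The function name `dirtycow_status` and its four status labels are made up for this example, and the sample release strings are constructed. Distribution builds are reported as `check-vendor` unless their base version already reaches a listed fixed release, because vendors backport the fix without changing the base version.

```shell
#!/bin/sh
# Added example (not from the CERT note): classify a kernel release string,
# as printed by `uname -r`, against the upstream versions the note lists.
#
# dirtycow_status RELEASE prints one of:
#   fixed         base version is at or past the fixed release of its series
#   vulnerable    vanilla kernel in a listed series, below the fixed release
#   not-affected  vanilla kernel older than 2.6.22
#   check-vendor  distribution build or unlisted series; the version number
#                 alone cannot decide because vendors backport the fix
dirtycow_status() {
    release=$1
    base=${release%%[!0-9.]*}      # numeric prefix: 4.4.0-45-generic -> 4.4.0
    vanilla=0
    if [ -n "$base" ] && [ "$release" = "$base" ]; then vanilla=1; fi

    old_ifs=$IFS; IFS=.
    set -- $base                   # split the base version on dots
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Fixed release per stable series, taken from the note's Solution section.
    case "$major.$minor" in
        4.4) fixed=26 ;;
        4.7) fixed=9 ;;
        4.8) fixed=3 ;;
        *)   fixed= ;;
    esac

    if [ -n "$fixed" ] && [ "$patch" -ge "$fixed" ]; then
        echo fixed
    elif [ "$vanilla" -eq 0 ]; then
        echo check-vendor
    elif [ -n "$fixed" ]; then
        echo vulnerable
    elif [ $(( major * 1000000 + minor * 1000 + patch )) -lt 2006022 ]; then
        echo not-affected
    else
        echo check-vendor
    fi
}

# Constructed sample release strings, not taken from real hosts.
for r in 4.8.3 4.7.8 4.4.0-45-generic 2.6.18 3.10.0-327.el7.x86_64; do
    printf '%-24s %s\n' "$r" "$(dirtycow_status "$r")"
done
```

A `check-vendor` result means the package changelog or the distribution's security tracker for CVE-2016-5195 has to be consulted; the release string cannot settle it.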


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
CentOS| | 21 Oct 2016| 27 Oct 2016
CoreOS| | 21 Oct 2016| 24 Oct 2016
Debian GNU/Linux| | 21 Oct 2016| 24 Oct 2016
Red Hat, Inc.| | 21 Oct 2016| 21 Oct 2016
SUSE Linux| | 21 Oct 2016| 24 Oct 2016
Ubuntu| | 21 Oct 2016| 24 Oct 2016
Arista Networks, Inc.| | 21 Oct 2016| 24 Oct 2016
Peplink| | -| 17 Nov 2016
Arch Linux| | 21 Oct 2016| 21 Oct 2016
Fedora Project| | 21 Oct 2016| 21 Oct 2016
Gentoo Linux| | 21 Oct 2016| 21 Oct 2016
openSUSE project| | 21 Oct 2016| 21 Oct 2016
Openwall GNU/*/Linux| | 21 Oct 2016| 21 Oct 2016
Slackware Linux Inc.| | 21 Oct 2016| 21 Oct 2016
Tizen| | 21 Oct 2016| 21 Oct 2016

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 6.8 | AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal | 5.6 | E:F/RL:OF/RC:C
Environmental | 5.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

  • <https://dirtycow.ninja/>
  • <https://access.redhat.com/security/cve/cve-2016-5195>
  • <https://security-tracker.debian.org/tracker/CVE-2016-5195>
  • <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html>
  • <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3>
  • <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9>
  • <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26>
  • <https://cwe.mitre.org/data/definitions/362.html>

Credit

Red Hat credits Phil Oester with reporting this vulnerability.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2016-5195
  • Date Public: 20 Oct 2016
  • Date First Published: 21 Oct 2016
  • Date Last Updated: 17 Nov 2016
  • Document Revision: 14