A race condition exists in the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus gain elevated privileges on the system.

Resolution

Upgrade to a fixed kernel package from your Linux vendor.

References

<http://dirtycow.ninja/>
<https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c>

Limitations

Exploit requires an existing unprivileged connection to the target.

Platforms

Linux

openvas 24

nessus 56

android 2

oraclelinux 7

thn 4

securelist 2

redhat 14

zdt 7

suse 18

ubuntu 10

debiancve 1

chrome 1

paloalto 1

cisa 1

f5 2

saint 3

ibm 7

canvas 1

packetstorm 2

cve 2

archlinux 3

veracode 1

fedora 3

seebug 2

centos 3

huawei 1

ubuntucve 1

altlinux 1

myhack58 1

threatpost 3

cert 1

slackware 1

attackerkb 1

arista 1

cisco 1

fortinet 1

prion 2

amazon 1

vmware 2

cisa_kev 1

malwarebytes 1

redhatcve 1

kitploit 1

openvas

Fedora Update for kernel FEDORA-2016-c3558808cd

2016-11-14 00:00:00

Ubuntu Update for linux-lts-trusty USN-3105-2

2016-10-21 00:00:00

RedHat Update for kernel RHSA-2016:2098-01

2016-10-25 00:00:00

nessus

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2596-1) (Dirty COW)

2016-10-26 00:00:00

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2585-1) (Dirty COW)

2016-10-26 00:00:00

Scientific Linux Security Update : Important: kernel on SL6.x i386/x86_64 (20161025) (Dirty COW)

2016-10-26 00:00:00

android

CVE-2016-5195

2016-11-01 00:00:00

dirtyc0w

2016-10-13 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2016-10-21 00:00:00

kernel security update

2016-10-24 00:00:00

Unbreakable Enterprise kernel security update

2016-10-21 00:00:00

thn

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

2016-10-20 23:02:00

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

2019-04-09 07:19:00

Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability

2022-03-08 07:43:00

securelist

Mobile malware evolution 2019

2020-02-25 10:00:43

APT trends report Q1 2019

2019-04-30 10:00:31

redhat

(RHSA-2016:2126) Important: kernel security update

2016-10-31 00:00:00

(RHSA-2016:2098) Important: kernel security update

2016-10-24 12:01:05

(RHSA-2016:2132) Important: kernel security and bug fix update

2016-11-01 10:16:02

zdt

DirtyCow Linux Kernel Race Condition Exploit

2016-10-22 00:00:00

Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/p

2016-11-29 00:00:00

Linux Kernel 2.6.22 < 3.9 - Dirty COW /proc/self/mem Race Condition Privilege Escalation (/etc/pa

2016-11-29 00:00:00

suse

Security update for the Linux Kernel (important)

2016-10-21 19:14:25

Security update for the Linux Kernel (important)

2016-10-21 21:08:21

Security update for the Linux Kernel (important)

2016-10-24 17:08:24

ubuntu

Linux kernel vulnerability

2016-10-20 00:00:00

Linux kernel (OMAP4) vulnerability

2016-10-20 00:00:00

Linux kernel (Raspberry Pi 2) vulnerability

2016-10-20 00:00:00

debiancve

CVE-2016-5195

2016-11-10 21:59:00

chrome

Stable Channel Update for Chrome OS

2016-10-26 00:00:00

paloalto

Kernel Vulnerability

2017-02-21 19:30:00

cisa

Linux Kernel Vulnerability

2016-10-21 00:00:00

SOL10558632 - Linux privilege-escalation vulnerability (Dirty COW) CVE-2016-5195

2016-10-21 00:00:00

K10558632 : Linux privilege-escalation vulnerability CVE-2016-5195

2016-10-21 00:00:00

saint

Linux Dirty COW Local File Overwrite

2016-10-27 00:00:00

Linux Dirty COW Local File Overwrite

2016-10-27 00:00:00

Linux Dirty COW Local File Overwrite

2016-10-27 00:00:00

ibm

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

2018-12-08 04:55:34

Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)

2022-02-16 22:09:18

Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195)

2018-06-16 21:50:05

canvas

Immunity Canvas: LINUX_FOLL_WRITE_COW

2016-11-10 21:59:00

packetstorm

Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation

2016-11-28 00:00:00

Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation

2016-11-25 00:00:00

cve

CVE-2016-5195

2016-11-10 21:59:00

CVE-2016-3919

2016-11-25 18:59:00

archlinux

[ASA-201610-11] linux-lts: privilege escalation

2016-10-21 00:00:00

[ASA-201610-14] linux: privilege escalation

2016-10-22 00:00:00

[ASA-201610-16] linux-grsec: privilege escalation

2016-10-24 00:00:00

veracode

Arbitrary Code Execution

2019-01-15 09:14:05

fedora

[SECURITY] Fedora 24 Update: kernel-4.7.9-200.fc24

2016-10-22 17:20:39

[SECURITY] Fedora 23 Update: kernel-4.7.9-100.fc23

2016-10-23 22:49:20

[SECURITY] Fedora 25 Update: kernel-4.8.3-300.fc25

2016-10-22 12:53:27

seebug

Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)

2016-10-22 00:00:00

"Huge Dirty COW" (CVE-2017–1000405)

2017-11-30 00:00:00

centos

kernel, perf, python security update

2016-10-25 11:17:10

kernel, perf, python security update

2016-10-26 07:33:13

kernel security update

2016-10-28 13:34:09

huawei

Security Advisory - Dirty COW Vulnerability in Huawei Products

2016-12-07 00:00:00

ubuntucve

CVE-2016-5195

2016-10-19 00:00:00

altlinux

Security fix for the ALT Linux 7 package kernel-image-std-def version 1:3.14.79-alt0.M70P.2

2016-10-25 00:00:00

myhack58

CVE-2 0 1 6-5 1 9 5 dirty cattle vulnerability: the Linux kernel through kill to mention the right vulnerability-vulnerability warning-the black bar safety net

2016-10-21 00:00:00

threatpost

Serious Dirty Cow Linux Vulnerability Under Attack

2016-10-21 11:21:36

Flaw Found In Dirty COW Patch

2017-12-01 11:43:06

Dirty Cow Vulnerability Patched in Android Security Bulletin

2016-12-05 15:32:51

cert

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

2016-10-21 00:00:00

slackware

[slackware-security] kernel

2016-11-01 03:40:05

attackerkb

CVE-2016-5195

2016-11-10 00:00:00

arista

Security Advisory 0026

2016-10-21 00:00:00

cisco

Vulnerability in Linux Kernel Affecting Cisco Products: October 2016

2016-10-26 15:00:00

fortinet

Linux Kernel Dirty Cow Vulnerability

2016-11-09 00:00:00

prion

Race condition

2016-11-10 21:59:00

Design/Logic Flaw

2016-11-25 18:59:00

amazon

Critical: kernel

2016-10-20 04:11:00

vmware

VMware product updates address local privilege escalation vulnerability in Linux kernel

2016-11-09 00:00:00

VMware product updates address local privilege escalation vulnerability in Linux kernel

2016-11-09 00:00:00

cisa_kev

Linux Kernel Race Condition Vulnerability

2022-03-03 00:00:00

malwarebytes

Linux “Dirty Pipe” vulnerability gives unprivileged users root access

2022-03-11 14:38:30

redhatcve

CVE-2017-1000405

2017-11-30 07:49:34

kitploit

K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

2022-05-31 12:30:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.4%

JSON

Related for SAINT:1E3BA1480EBC78481EFFC9BD1CFFBBE2