Dirty COW Linux Kernel Local Privilege Escalation Vulnerability (CVE-2016-5195)

October 24, 2016

Summary

A critical flaw dubbed "Dirty COW" was found in the Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. [1] [6]

Most, if not all, modern Linux distributions are affected because this flaw exists in the kernel. Administrators of Linux systems are advised to patch as soon as possible, especially on multi-user systems.

Impact

Successful exploitation of this vulnerability allows unprivileged, local users to escalate their privileges to root on the affected Linux system.

Vulnerable

  • RedHat Linux 5, 6, 7
  • Debian Linux 7 ("wheezy"), 8 ("jessie")
  • Ubuntu Linux 12.04 LTS, 14.04 LTS, 16.04 LTS, 16.10
  • Scientific Linux SL7
  • Most, if not all, modern Linux distributions. See SecurityFocus' list of vulnerable Linux kernel versions. [5]

Recommendations

  • Install patches immediately using the references below. If your distribution is not listed, consult your vendor or check if temporary mitigation is available for your distribution in the original advisory by EGI Software Vulnerability Group. [6]
  • RedHat Linux [1]
  • Debian Linux [2]
  • Ubuntu Linux [3]
  • Scientific Linux [4]

References