The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.
A local, unprivileged attacker can escalate privileges to root.
Apply an update
Debian GNU/Linux Affected
Red Hat, Inc. Affected
SUSE Linux Affected
Arista Networks, Inc. Not Affected
Peplink Not Affected
Arch Linux Unknown
Fedora Project Unknown
Gentoo Linux Unknown
Openwall GNU/*/Linux Unknown
Slackware Linux Inc. Unknown
openSUSE project Unknown
Red Hat credits Phil Oester with reporting this vulnerability.
This document was written by Joel Land.
|Date First Published:||2016-10-21|
|Date Last Updated:||2016-11-17 13:17 UTC|