Vulnerability Note VU#243144
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.
A local, unprivileged attacker can escalate privileges to root.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|CentOS||Affected||21 Oct 2016||27 Oct 2016|
|CoreOS||Affected||21 Oct 2016||24 Oct 2016|
|Debian GNU/Linux||Affected||21 Oct 2016||24 Oct 2016|
|Red Hat, Inc.||Affected||21 Oct 2016||21 Oct 2016|
|SUSE Linux||Affected||21 Oct 2016||24 Oct 2016|
|Ubuntu||Affected||21 Oct 2016||24 Oct 2016|
|Arista Networks, Inc.||Not Affected||21 Oct 2016||24 Oct 2016|
|Peplink||Not Affected||-||17 Nov 2016|
|Arch Linux||Unknown||21 Oct 2016||21 Oct 2016|
|Fedora Project||Unknown||21 Oct 2016||21 Oct 2016|
|Gentoo Linux||Unknown||21 Oct 2016||21 Oct 2016|
|openSUSE project||Unknown||21 Oct 2016||21 Oct 2016|
|Openwall GNU/*/Linux||Unknown||21 Oct 2016||21 Oct 2016|
|Slackware Linux Inc.||Unknown||21 Oct 2016||21 Oct 2016|
|Tizen||Unknown||21 Oct 2016||21 Oct 2016|
CVSS Metrics (Learn More)
Red Hat credits Phil Oester with reporting this vulnerability.
This document was written by Joel Land.
- CVE IDs: CVE-2016-5195
- Date Public: 20 Oct 2016
- Date First Published: 21 Oct 2016
- Date Last Updated: 17 Nov 2016
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.