The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.
A local, unprivileged attacker can escalate privileges to root.
Apply an update
Red Hat credits Phil Oester with reporting this vulnerability.
|Date First Published:||2016-10-21|
|Date Last Updated:||2016-11-17 13:17 UTC|