search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Vulnerability Note VU#243144

Original Release Date: 2016-10-21 | Last Revised: 2016-11-17

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.

Impact

A local, unprivileged attacker can escalate privileges to root.

Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.

Vendor Information

243144
Expand all

CentOS

Notified:  October 21, 2016 Updated:  October 27, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.centos.org/forums/viewtopic.php?f=51&t=59782&hilit=CVE%202016%205195&start=10

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CoreOS

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://coreos.com/blog/CVE-2016-5195.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.debian.org/security/2016/dsa-3696 https://security-tracker.debian.org/tracker/CVE-2016-5195

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://access.redhat.com/security/cve/cve-2016-5195

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

SUSE and the openSUSE project are affected by this issue and we have released updates.

https://www.suse.com/security/cve/CVE-2016-5195.html

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.suse.com/security/cve/CVE-2016-5195.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubuntu

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Arista Networks, Inc.

Notified:  October 21, 2016 Updated:  October 24, 2016

Statement Date:   October 24, 2016

Status

  Not Affected

Vendor Statement

Arista Network's software products EOS and Cloud Vision Portal (CVP) are not exploitable by CVE-2016-5195 (Kernel Local Privilege Escalation).

For further information:
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Peplink

Updated:  November 17, 2016

Statement Date:   November 17, 2016

Status

  Not Affected

Vendor Statement

Wanting to state that Peplink Pepwave products are not affected by Dirty COW

Our own announcement:
https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Arch Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware Linux Inc.

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Tizen

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Turbolinux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

openSUSE project

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.6 E:F/RL:OF/RC:C
Environmental 5.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

Red Hat credits Phil Oester with reporting this vulnerability.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2016-5195
Date Public: 2016-10-20
Date First Published: 2016-10-21
Date Last Updated: 2016-11-17 13:17 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.