search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Vulnerability Note VU#243144

Original Release Date: 2016-10-21 | Last Revised: 2016-11-17

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.

Impact

A local, unprivileged attacker can escalate privileges to root.

Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.

Vendor Information

243144
 
Affected   Unknown   Unaffected

CentOS

Notified:  October 21, 2016 Updated:  October 27, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.centos.org/forums/viewtopic.php?f=51&t=59782&hilit=CVE%202016%205195&start=10

CoreOS

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://coreos.com/blog/CVE-2016-5195.html

Debian GNU/Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.debian.org/security/2016/dsa-3696 https://security-tracker.debian.org/tracker/CVE-2016-5195

Red Hat, Inc.

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://access.redhat.com/security/cve/cve-2016-5195

SUSE Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

SUSE and the openSUSE project are affected by this issue and we have released updates.

https://www.suse.com/security/cve/CVE-2016-5195.html

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.suse.com/security/cve/CVE-2016-5195.html

Ubuntu

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

Arista Networks, Inc.

Notified:  October 21, 2016 Updated:  October 24, 2016

Statement Date:   October 24, 2016

Status

  Not Affected

Vendor Statement

Arista Network's software products EOS and Cloud Vision Portal (CVP) are not exploitable by CVE-2016-5195 (Kernel Local Privilege Escalation).

For further information:
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026

Peplink

Updated:  November 17, 2016

Statement Date:   November 17, 2016

Status

  Not Affected

Vendor Statement

Wanting to state that Peplink Pepwave products are not affected by Dirty COW

Our own announcement:
https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195

Arch Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Fedora Project

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Gentoo Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Slackware Linux Inc.

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Tizen

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Turbolinux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

openSUSE project

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.6 E:F/RL:OF/RC:C
Environmental 5.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

Red Hat credits Phil Oester with reporting this vulnerability.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2016-5195
Date Public: 2016-10-20
Date First Published: 2016-10-21
Date Last Updated: 2016-11-17 13:17 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.