The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.
A local, unprivileged attacker can escalate privileges to root.
Apply an update
Red Hat, Inc.
Arista Networks, Inc.
Slackware Linux Inc.
Red Hat credits Phil Oester with reporting this vulnerability.
This document was written by Joel Land.
|Date First Published:||2016-10-21|
|Date Last Updated:||2016-11-17 13:17 UTC|