search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Vulnerability Note VU#243144

Original Release Date: 2016-10-21 | Last Revised: 2016-11-17

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.

Impact

A local, unprivileged attacker can escalate privileges to root.

Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.

Vendor Information

243144
 
Affected   Unknown   Unaffected

CentOS

Notified:  October 21, 2016 Updated:  October 27, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CoreOS

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Debian GNU/Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc.

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

SUSE Linux

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

SUSE and the openSUSE project are affected by this issue and we have released updates.

https://www.suse.com/security/cve/CVE-2016-5195.html

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ubuntu

Notified:  October 21, 2016 Updated:  October 24, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Arista Networks, Inc.

Notified:  October 21, 2016 Updated:  October 24, 2016

Statement Date:   October 24, 2016

Status

  Not Affected

Vendor Statement

Arista Network's software products EOS and Cloud Vision Portal (CVP) are not exploitable by CVE-2016-5195 (Kernel Local Privilege Escalation).

For further information:
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-field-notice-0026

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Peplink

Updated:  November 17, 2016

Statement Date:   November 17, 2016

Status

  Not Affected

Vendor Statement

Wanting to state that Peplink Pepwave products are not affected by Dirty COW

Our own announcement:
https://forum.peplink.com/threads/7579-Unaffected-Security-Notice-for-Dirty-COW-CVE-2016-5195

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Arch Linux

Notified:  October 21, 2016 Updated:  October 21, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Fedora Project

    Notified:  October 21, 2016 Updated:  October 21, 2016

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Gentoo Linux

      Notified:  October 21, 2016 Updated:  October 21, 2016

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Openwall GNU/*/Linux

        Notified:  October 21, 2016 Updated:  October 21, 2016

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          Slackware Linux Inc.

          Notified:  October 21, 2016 Updated:  October 21, 2016

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Tizen

            Notified:  October 21, 2016 Updated:  October 21, 2016

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Turbolinux

              Notified:  October 21, 2016 Updated:  October 21, 2016

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                openSUSE project

                Notified:  October 21, 2016 Updated:  October 21, 2016

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  View all 16 vendors View less vendors


                  CVSS Metrics

                  Group Score Vector
                  Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
                  Temporal 5.6 E:F/RL:OF/RC:C
                  Environmental 5.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

                  References

                  Acknowledgements

                  Red Hat credits Phil Oester with reporting this vulnerability.

                  This document was written by Joel Land.

                  Other Information

                  CVE IDs: CVE-2016-5195
                  Date Public: 2016-10-20
                  Date First Published: 2016-10-21
                  Date Last Updated: 2016-11-17 13:17 UTC
                  Document Revision: 14

                  Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.