[VU:243144] Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Severity High

CVEs 1

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Impact

A local, unprivileged attacker can escalate privileges to root.

Solution

Apply an update Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.

Acknowledgements

Red Hat credits Phil Oester with reporting this vulnerability.

ID

VU:243144

Severity

high

Severity from

CVE-2016-5195

URL

https://kb.cert.org/vuls/id/243144

Published

2016-10-21T16:15:55
(8 years ago)

Modified

2016-11-17T13:17:16
(7 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
			https://dirtycow.ninja/
			https://access.redhat.com/security/cve/cve-2016-5195
			https://security-tracker.debian.org/tracker/CVE-2016-5195
			http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
			https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
			https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9
			https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26
			https://cwe.mitre.org/data/definitions/362.html

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date