[VU:243144] Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
Severity
High
CVEs
1
Overview
The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.
Impact
A local, unprivileged attacker can escalate privileges to root.
Solution
Apply an update Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.
Acknowledgements
Red Hat credits Phil Oester with reporting this vulnerability.
- ID
- VU:243144
- Severity
- high
- Severity from
- CVE-2016-5195
- URL
- https://kb.cert.org/vuls/id/243144
- Published
-
2016-10-21T16:15:55
(8 years ago) - Modified
-
2016-11-17T13:17:16
(7 years ago) - Rights
- Copyright 2016, CERT Coordination Center (CERT/CC)
- Other Advisories
-
- ALAS-2016-757
- ASA-201610-11
- ASA-201610-14
- CISA-2022:0303
- CISCO-SA-20161026-LINUX
- DSA-3696-1
- ELSA-2016-2098
- ELSA-2016-2105
- ELSA-2016-2124
- ELSA-2016-3632
- ELSA-2016-3633
- ELSA-2016-3634
- FEDORA-2016-c3558808cd
- FEDORA-2016-c8a0c7eece
- FEDORA-2016-db4b75b352
- openSUSE-SU-2020:0554-1
- RHSA-2016:2098
- RHSA-2016:2105
- RHSA-2016:2110
- RHSA-2017:0372
- SSA:2016-305-01
- SUSE-SU-2016:2585-1
- SUSE-SU-2016:2592-1
- SUSE-SU-2016:2593-1
- SUSE-SU-2016:2596-1
- SUSE-SU-2016:2614-1
- SUSE-SU-2016:2629-1
- SUSE-SU-2016:2630-1
- SUSE-SU-2016:2631-1
- SUSE-SU-2016:2632-1
- SUSE-SU-2016:2633-1
- SUSE-SU-2016:2634-1
- SUSE-SU-2016:2635-1
- SUSE-SU-2016:2636-1
- SUSE-SU-2016:2637-1
- SUSE-SU-2016:2638-1
- SUSE-SU-2016:2655-1
- SUSE-SU-2016:2657-1
- SUSE-SU-2016:2658-1
- SUSE-SU-2016:2659-1
- SUSE-SU-2016:2673-1
- SUSE-SU-2016:3069-1
- SUSE-SU-2016:3304-1
- USN-3104-1
- USN-3104-2
- USN-3105-1
- USN-3105-2
- USN-3106-1
- USN-3106-2
- USN-3106-3
- USN-3106-4
- USN-3107-1
- USN-3107-2
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |