Executive Summary

Summary
Title Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
Informations
Name VU#243144 First vendor Publication 2016-10-21
Vendor VU-CERT Last vendor Modification 2016-11-17
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#243144

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Original Release date: 21 Oct 2016 | Last revised: 17 Nov 2016

Overview

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195

The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page.

Note that this vulnerability is reported as being actively exploited in the wild.

Impact

A local, unprivileged attacker can escalate privileges to root.

Solution

Apply an update

Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
CentOSAffected21 Oct 201627 Oct 2016
CoreOSAffected21 Oct 201624 Oct 2016
Debian GNU/LinuxAffected21 Oct 201624 Oct 2016
Red Hat, Inc.Affected21 Oct 201621 Oct 2016
SUSE LinuxAffected21 Oct 201624 Oct 2016
UbuntuAffected21 Oct 201624 Oct 2016
Arista Networks, Inc.Not Affected21 Oct 201624 Oct 2016
PeplinkNot Affected-17 Nov 2016
Arch LinuxUnknown21 Oct 201621 Oct 2016
Fedora ProjectUnknown21 Oct 201621 Oct 2016
Gentoo LinuxUnknown21 Oct 201621 Oct 2016
openSUSE projectUnknown21 Oct 201621 Oct 2016
Openwall GNU/*/LinuxUnknown21 Oct 201621 Oct 2016
Slackware Linux Inc.Unknown21 Oct 201621 Oct 2016
TizenUnknown21 Oct 201621 Oct 2016
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

GroupScoreVector
Base6.8AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal5.6E:F/RL:OF/RC:C
Environmental5.6CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

  • https://dirtycow.ninja/
  • https://access.redhat.com/security/cve/cve-2016-5195
  • https://security-tracker.debian.org/tracker/CVE-2016-5195
  • http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
  • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
  • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9
  • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26
  • https://cwe.mitre.org/data/definitions/362.html

Credit

Red Hat credits Phil Oester with reporting this vulnerability.

This document was written by Joel Land.

Other Information

  • CVE IDs:CVE-2016-5195
  • Date Public:20 Oct 2016
  • Date First Published:21 Oct 2016
  • Date Last Updated:17 Nov 2016
  • Document Revision:14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/243144

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 2
Os 2626
Os 3
Os 3
Os 3
Os 2
Os 1

SAINT Exploits

Description Link
Linux Dirty COW Local File Overwrite More info here

Snort® IPS/IDS

Date Description
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40566 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40565 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40564 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40563 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40562 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40561 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40560 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40543 - Revision : 2 - Type : OS-LINUX
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40542 - Revision : 2 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2018-04-18 Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-956.nasl - Type : ACT_GATHER_INFO
2018-02-22 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-956.nasl - Type : ACT_GATHER_INFO
2018-01-16 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2018-004.nasl - Type : ACT_GATHER_INFO
2017-12-26 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-937.nasl - Type : ACT_GATHER_INFO
2017-12-12 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2017-111.nasl - Type : ACT_GATHER_INFO
2017-12-12 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2017-110.nasl - Type : ACT_GATHER_INFO
2017-12-12 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2017-109.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1051.nasl - Type : ACT_GATHER_INFO
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2017-02-22 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10558632.nasl - Type : ACT_GATHER_INFO
2016-11-17 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0158.nasl - Type : ACT_GATHER_INFO
2016-11-15 Name : The remote Fedora host is missing a security update.
File : fedora_2016-c8a0c7eece.nasl - Type : ACT_GATHER_INFO
2016-11-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2133.nasl - Type : ACT_GATHER_INFO
2016-11-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2132.nasl - Type : ACT_GATHER_INFO
2016-11-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2126.nasl - Type : ACT_GATHER_INFO
2016-11-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-305-01.nasl - Type : ACT_GATHER_INFO
2016-11-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2128.nasl - Type : ACT_GATHER_INFO
2016-11-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2127.nasl - Type : ACT_GATHER_INFO
2016-10-31 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161028_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-10-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2124.nasl - Type : ACT_GATHER_INFO
2016-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2124.nasl - Type : ACT_GATHER_INFO
2016-10-31 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2124.nasl - Type : ACT_GATHER_INFO
2016-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2120.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2658-1.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2105.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1227.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2105.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2106.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2107.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2110.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2118.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2655-1.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2657-1.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2659-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2636-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2633-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2098.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2105.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161025_Important__kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2585-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2592-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2593-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2596-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2614-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2632-1.nasl - Type : ACT_GATHER_INFO
2016-10-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3107-2.nasl - Type : ACT_GATHER_INFO
2016-10-25 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161024_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-10-25 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2098.nasl - Type : ACT_GATHER_INFO
2016-10-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1211.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0149.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2016-c3558808cd.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2016-db4b75b352.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1212.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-3632.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-3633.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-3634.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0150.nasl - Type : ACT_GATHER_INFO
2016-10-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2098.nasl - Type : ACT_GATHER_INFO
2016-10-21 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-757.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-670.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3107-1.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3106-4.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3106-3.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3106-2.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3106-1.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3105-2.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3105-1.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3104-1.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3696.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2016-11-17 17:22:53
  • Multiple Updates
2016-11-14 17:25:46
  • Multiple Updates
2016-11-11 05:24:23
  • Multiple Updates
2016-10-27 21:24:13
  • Multiple Updates
2016-10-25 00:23:09
  • Multiple Updates
2016-10-24 17:18:55
  • Multiple Updates
2016-10-21 21:24:14
  • First insertion