{"vuid":"VU#243144","idnumber":"243144","name":"Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability","keywords":["linux","kernel","privilege escalation","race condition","dirty cow"],"overview":"The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges.","clean_desc":"CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization ('Race Condition') - CVE-2016-5195 The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem. A local attacker may leverage this vulnerability in affected systems to gain root privileges. For more information, including proofs of concept, refer to the Dirty COW disclosure page. Note that this vulnerability is reported as being actively exploited in the wild.","impact":"A local, unprivileged attacker can escalate privileges to root.","resolution":"Apply an update Linux kernel versions 4.8.3, 4.7.9, and 4.4.26 address this vulnerability. Red Hat, Debian, and Ubuntu have released patches. Users should apply patches through their Linux distributions' normal update process.","workarounds":"","sysaffected":"","thanks":"Red Hat credits Phil Oester with reporting this vulnerability.","author":"This document was written by Joel Land.","public":["https://dirtycow.ninja/","https://access.redhat.com/security/cve/cve-2016-5195","https://security-tracker.debian.org/tracker/CVE-2016-5195","http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26","https://cwe.mitre.org/data/definitions/362.html"],"cveids":["CVE-2016-5195"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-10-21T14:25:12Z","publicdate":"2016-10-20T00:00:00Z","datefirstpublished":"2016-10-21T16:15:55Z","dateupdated":"2016-11-17T13:17:16Z","revision":15,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"5.6","cvss_environmentalscore":"5.595029121024","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}