CVE-2016-5195

 

Published at: - 10-11-2016 10:59

Last modified: - 17-01-2023 10:00

Total changes: - 10

Description

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
• https://dirtycow.ninja
• https://security-tracker.debian.org/tracker/CVE-2016-5195
• https://access.redhat.com/security/cve/cve-2016-5195
• https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
• https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
• https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
• https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
• https://bugzilla.suse.com/show_bug.cgi?id=1004418
• https://bugzilla.redhat.com/show_bug.cgi?id=1384344
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
• [oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability-Mailing List, Third Party Advisory
• https://access.redhat.com/security/vulnerabilities/2706661
• VU#243144-Third Party Advisory, US Government Resource
• 93793-Third Party Advisory, VDB Entry
• https://source.android.com/security/bulletin/2016-11-01.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
• 40847-Third Party Advisory, VDB Entry
• 40839-Third Party Advisory, VDB Entry
• https://kc.mcafee.com/corporate/index?page=content&id=SB10176
• https://bto.bluecoat.com/security-advisory/sa134
• https://source.android.com/security/bulletin/2016-12-01.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
• 1037078-Third Party Advisory, VDB Entry
• 40616-Third Party Advisory, VDB Entry
• 40611-Third Party Advisory, VDB Entry
• https://security.netapp.com/advisory/ntap-20161025-0001/
• RHSA-2017:0372-Third Party Advisory
• RHSA-2016:2133-Third Party Advisory
• RHSA-2016:2132-Third Party Advisory
• RHSA-2016:2128-Third Party Advisory
• RHSA-2016:2127-Third Party Advisory
• RHSA-2016:2126-Third Party Advisory
• RHSA-2016:2124-Third Party Advisory
• RHSA-2016:2120-Third Party Advisory
• RHSA-2016:2118-Third Party Advisory
• RHSA-2016:2110-Third Party Advisory
• RHSA-2016:2107-Third Party Advisory
• RHSA-2016:2106-Third Party Advisory
• RHSA-2016:2105-Third Party Advisory
• RHSA-2016:2098-Third Party Advisory
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
• https://security.paloaltonetworks.com/CVE-2016-5195
• openSUSE-SU-2020:0554-Mailing List, Third Party Advisory
• openSUSE-SU-2016:2649-Mailing List, Third Party Advisory
• 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege-Third Party Advisory, VDB Entry
• DSA-3696-Third Party Advisory
• http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
• SUSE-SU-2016:3304-Mailing List, Third Party Advisory
• http://fortiguard.com/advisory/FG-IR-16-063
• SUSE-SU-2016:2657-Mailing List, Third Party Advisory
• USN-3104-2-Third Party Advisory
• USN-3104-1-Third Party Advisory
• https://kc.mcafee.com/corporate/index?page=content&id=SB10222
• http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
• 20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016-Third Party Advisory
• [oss-security] 20161021 CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability-Mailing List, Third Party Advisory
• 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability-Third Party Advisory, VDB Entry
• SUSE-SU-2016:2658-Mailing List, Third Party Advisory
• FEDORA-2016-c8a0c7eece-Mailing List, Third Party Advisory
• 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability-Third Party Advisory, VDB Entry
• SUSE-SU-2016:3069-Mailing List, Third Party Advisory
• SUSE-SU-2016:2673-Mailing List, Third Party Advisory
• FEDORA-2016-c3558808cd-Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
• SUSE-SU-2016:2633-Mailing List, Third Party Advisory
• https://kc.mcafee.com/corporate/index?page=content&id=SB10177
• SUSE-SU-2016:2636-Mailing List, Third Party Advisory
• 20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue-Third Party Advisory
• http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
• openSUSE-SU-2016:2583-Mailing List, Third Party Advisory
• SUSE-SU-2016:2630-Mailing List, Third Party Advisory
• USN-3105-1-Third Party Advisory
• USN-3105-2-Third Party Advisory
• SUSE-SU-2016:2634-Mailing List, Third Party Advisory
• [oss-security] 20161103 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability-Mailing List, Third Party Advisory
• SUSE-SU-2016:2596-Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
• 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege-Third Party Advisory, VDB Entry
• SUSE-SU-2016:2635-Mailing List, Third Party Advisory
• SUSE-SU-2016:2585-Mailing List, Third Party Advisory
• USN-3106-4-Third Party Advisory
• USN-3106-3-Third Party Advisory
• [oss-security] 20161030 Re: CVE-2016-5195 test case-Mailing List, Third Party Advisory
• SUSE-SU-2016:2592-Mailing List, Third Party Advisory
• SUSE-SU-2016:2629-Mailing List, Third Party Advisory
• https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
• USN-3106-2-Third Party Advisory
• USN-3106-1-Third Party Advisory
• SUSE-SU-2016:2637-Mailing List, Third Party Advisory
• SUSE-SU-2016:2631-Mailing List, Third Party Advisory
• openSUSE-SU-2016:2584-Mailing List, Third Party Advisory
• 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege-Third Party Advisory, VDB Entry
• openSUSE-SU-2016:2625-Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
• FEDORA-2016-db4b75b352-Mailing List, Third Party Advisory
• 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege-Third Party Advisory, VDB Entry
• SUSE-SU-2016:2632-Mailing List, Third Party Advisory
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
• SUSE-SU-2016:2593-Mailing List, Third Party Advisory
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
• 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege-Third Party Advisory, VDB Entry
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
• SUSE-SU-2016:2638-Mailing List, Third Party Advisory
• SUSE-SU-2016:2659-Mailing List, Third Party Advisory
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
• SUSE-SU-2016:2655-Mailing List, Third Party Advisory
• USN-3107-2-Third Party Advisory
• SUSE-SU-2016:2614-Mailing List, Third Party Advisory
• [oss-security] 20161027 CVE-2016-5195 test case-Mailing List, Third Party Advisory
• USN-3107-1-Third Party Advisory
• 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege-Third Party Advisory, VDB Entry
• [oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files-Mailing List, Third Party Advisory
• [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory
• [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory
• [oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory
• [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory
• [oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory
• [oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2016-5195

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures