oss-sec mailing list archives
CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
From: Solar Designer <solar () openwall com>
Date: Fri, 21 Oct 2016 02:31:04 +0200
Hi, This was brought to the linux-distros list (and briefly inadvertently to the distros list, although discussion continued on linux-distros only) on October 13 and it was made public yesterday, so it must be in here as well. Unfortunately, no one posted about it in here so far (the person who brought this to [linux-]distros must have done so!), and I don't have time to make a proper posting (with full detail in the message itself, as per oss-security list content guidelines), but I figured it's better for me to post something than nothing at all. Red Hat's description: "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." https://access.redhat.com/security/cve/cve-2016-5195 https://bugzilla.redhat.com/show_bug.cgi?id=1384344 https://security-tracker.debian.org/tracker/CVE-2016-5195 http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 https://lkml.org/lkml/2016/10/19/860 https://dirtycow.ninja https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails https://twitter.com/DirtyCOWVuln Alexander
Current thread:
- CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 20)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 26)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Steve Grubb (Nov 03)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 26)