
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. The bug has existed since around 2.6.22 (released in 2007) and was fixed on Oct 18, 2016.

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.” (RH)

The impact of this vulnerability is:

  • An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
  • This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.
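To make the quoted description concrete, here is a small C program, added as an illustration and not part of the original post or of any vendor advisory, that exercises the two guarantees the flaw undermined: a read-only file descriptor cannot back a shared writable mapping, and a write to a private mapping lands in a copied page instead of the file. The scratch file under `/tmp`, the sample content and the function name `check_cow_guarantees` are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for a file the user may only read. */
static const char ORIGINAL[] = "original file content\n";

/* Returns 0 when both guarantees hold, -1 on a setup error,
 * 1 if a write to a private mapping reached the file, and
 * 2 if a shared writable mapping of a read-only descriptor was allowed. */
int check_cow_guarantees(void)
{
    char path[] = "/tmp/cow-demo-XXXXXX";   /* hypothetical scratch file */
    char on_disk[sizeof ORIGINAL] = {0};
    size_t len = sizeof ORIGINAL - 1;
    int result = 0;

    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    if (write(wfd, ORIGINAL, len) != (ssize_t)len) { close(wfd); unlink(path); return -1; }
    close(wfd);

    int fd = open(path, O_RDONLY);          /* read-only access from here on */
    if (fd < 0) { unlink(path); return -1; }

    /* Guarantee 1: a shared writable mapping needs a writable descriptor. */
    void *shared = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (shared != MAP_FAILED) { munmap(shared, len); result = 2; }

    /* Guarantee 2: a private mapping may be written, but the write breaks COW
     * and goes to a private copy of the page, never to the file itself. */
    char *priv = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (priv == MAP_FAILED) { close(fd); unlink(path); return -1; }
    memcpy(priv, "MODIFIED", 8);
    if (pread(fd, on_disk, len, 0) != (ssize_t)len) result = -1;
    else if (result == 0 && memcmp(on_disk, ORIGINAL, len) != 0) result = 1;

    munmap(priv, len);
    close(fd);
    unlink(path);
    return result;
}

int main(void) { return check_cow_guarantees() == 0 ? 0 : 1; }
```

A result of 0 only shows the normal mmap semantics; it does not tell you whether a kernel carries the CVE-2016-5195 fix, which has to be confirmed against the vendor's advisory for that kernel package.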

It will be interesting to see how this bug impacts the Linux-based virtual appliances from several vendors, and how it affects old distributions that may no longer be maintained.

See also: Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild
