7.2

CVE-2016-5195 (Dirty COW)

Warnung
Exploit
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version16.10
LinuxLinux Kernel Version >= 2.6.22 < 3.2.83
LinuxLinux Kernel Version >= 3.3 < 3.4.113
LinuxLinux Kernel Version >= 3.5 < 3.10.104
LinuxLinux Kernel Version >= 3.11 < 3.12.66
LinuxLinux Kernel Version >= 3.13 < 3.16.38
LinuxLinux Kernel Version >= 3.17 < 3.18.44
LinuxLinux Kernel Version >= 3.19 < 4.1.35
LinuxLinux Kernel Version >= 4.2 < 4.4.26
LinuxLinux Kernel Version >= 4.5 < 4.7.9
LinuxLinux Kernel Version >= 4.8 < 4.8.3
RedhatEnterprise Linux Version5
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Aus Version6.2
RedhatEnterprise Linux Aus Version6.4
RedhatEnterprise Linux Aus Version6.5
RedhatEnterprise Linux Eus Version6.6
RedhatEnterprise Linux Eus Version6.7
RedhatEnterprise Linux Eus Version7.1
RedhatEnterprise Linux Tus Version6.5
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
FedoraprojectFedora Version23
FedoraprojectFedora Version24
FedoraprojectFedora Version25
PaloaltonetworksPan-os Version >= 5.1 < 7.0.14
PaloaltonetworksPan-os Version >= 7.1.0 < 7.1.8
NetappCloud Backup Version-
NetappHci Storage Nodes Version-
NetappOncommand Balance Version-
NetappSnapprotect Version-
NetappSolidfire Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Race Condition Vulnerability

Schwachstelle

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 83.52% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
https://source.android.com/security/bulletin/2016-12-01.html
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Third Party Advisory
Broken Link
https://source.android.com/security/bulletin/2016-11-01.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2124.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2128.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2133.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2107.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2110.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0372
Third Party Advisory
Broken Link
https://bto.bluecoat.com/security-advisory/sa134
Third Party Advisory
Permissions Required
http://fortiguard.com/advisory/FG-IR-16-063
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
Patch
Vendor Advisory
Issue Tracking
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
Third Party Advisory
http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2098.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2105.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2106.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2118.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2120.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2126.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2127.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2132.html
Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
Third Party Advisory
http://www.debian.org/security/2016/dsa-3696
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
Release Notes
http://www.openwall.com/lists/oss-security/2016/10/21/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/10/26/7
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/10/27/13
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/10/30/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/11/03/7
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/03/07/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/08/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/08/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/08/7
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/08/8
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/09/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/15/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/539611/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/540252/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/540344/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/540736/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/93793
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1037078
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-3104-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3104-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3105-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3105-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3106-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3106-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3106-3
Third Party Advisory
http://www.ubuntu.com/usn/USN-3106-4
Third Party Advisory
http://www.ubuntu.com/usn/USN-3107-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3107-2
Third Party Advisory
https://access.redhat.com/security/cve/cve-2016-5195
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/2706661
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
Exploit
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1004418
Issue Tracking
https://dirtycow.ninja
Third Party Advisory
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
Third Party Advisory
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Third Party Advisory
Exploit
https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
Patch
Issue Tracking
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10176
Third Party Advisory
Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10177
Third Party Advisory
Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10222
Third Party Advisory
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
Release Notes
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2016-5195
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20161025-0001/
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2016-5195
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
Third Party Advisory
https://www.exploit-db.com/exploits/40611/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/40616/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/40839/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/40847/
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/243144
Third Party Advisory
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195
US Government Resource
http://seclists.org/fulldisclosure/2024/Aug/35
Third Party Advisory
Mailing List