PT-2016-3096 · Linux+7 · Linux Kernel+7
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.x through 4.8.2
Description
A race condition in the
mm/gup.c component of the Linux kernel allows local users to gain elevated privileges. This occurs due to the incorrect handling of the copy-on-write (COW) feature—a mechanism that allows multiple processes to share the same data in memory until one process attempts to modify it—which enables writing to a read-only memory mapping. This issue was exploited in the wild in October 2016 and is also known as Dirty COW. Additionally, the UNC2891 threat group has utilized this flaw to escalate privileges within banking infrastructures.Recommendations
Update the Linux kernel to version 4.8.3 or later.
Exploit
Fix
DoS
LPE
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Huawei Vrp
Junos
Linux Kernel
Red Hat
Suse
Ubuntu