ID CVE-2016-5195
Summary Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
References
Vulnerable Configurations
  • Canonical Ubuntu Core 15.04
    cpe:2.3:o:canonical:ubuntu_core:15.04
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Linux Kernel 3.14.8
    cpe:2.3:o:linux:linux_kernel:3.14.8
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • cpe:2.3:o:redhat:enterprise_linux_aus:6.2
    cpe:2.3:o:redhat:enterprise_linux_aus:6.2
  • cpe:2.3:o:redhat:enterprise_linux_aus:6.4
    cpe:2.3:o:redhat:enterprise_linux_aus:6.4
  • cpe:2.3:o:redhat:enterprise_linux_aus:6.5
    cpe:2.3:o:redhat:enterprise_linux_aus:6.5
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.6
    cpe:2.3:o:redhat:enterprise_linux_eus:6.6
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.7
    cpe:2.3:o:redhat:enterprise_linux_eus:6.7
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.1
    cpe:2.3:o:redhat:enterprise_linux_eus:7.1
  • cpe:2.3:o:redhat:enterprise_linux_long_life:5.6
    cpe:2.3:o:redhat:enterprise_linux_long_life:5.6
  • cpe:2.3:o:redhat:enterprise_linux_long_life:5.9
    cpe:2.3:o:redhat:enterprise_linux_long_life:5.9
  • cpe:2.3:o:redhat:enterprise_linux_tus:6.5
    cpe:2.3:o:redhat:enterprise_linux_tus:6.5
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 7.2 (as of 14-11-2016 - 08:53)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
exploit-db via4
  • description Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd). CVE-2016-5195. Local exploit for Linux platform
    file exploits/linux/local/40847.cpp
    id EDB-ID:40847
    last seen 2016-11-29
    modified 2016-11-27
    platform linux
    port
    published 2016-11-27
    reporter Exploit-DB
    source https://www.exploit-db.com/download/40847/
    title Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
    type local
  • description Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID). CVE-2016-5195. Local exploit for Linux platform
    file exploits/linux/local/40616.c
    id EDB-ID:40616
    last seen 2016-10-21
    modified 2016-10-21
    platform linux
    port
    published 2016-10-21
    reporter Robin Verton
    source https://www.exploit-db.com/download/40616/
    title Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)
    type local
  • description Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access). CVE-2016-5195. Local exploit for Linux platform
    id EDB-ID:40838
    last seen 2016-11-28
    modified 2016-10-26
    published 2016-10-26
    reporter Exploit-DB
    source https://www.exploit-db.com/download/40838/
    title Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)
  • description Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation. CVE-2016-5195. Local exploit for Linux platform
    file exploits/linux/local/40839.c
    id EDB-ID:40839
    last seen 2016-11-28
    modified 2016-11-28
    platform linux
    port
    published 2016-11-28
    reporter Exploit-DB
    source https://www.exploit-db.com/download/40839/
    title Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
    type local
  • description Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access). CVE-2016-5195. Local exploit for Linux platform
    file exploits/linux/local/40611.c
    id EDB-ID:40611
    last seen 2016-10-21
    modified 2016-10-19
    platform linux
    port
    published 2016-10-19
    reporter Phil Oester
    source https://www.exploit-db.com/download/40611/
    title Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)
    type local
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1051.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195) - Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. (CVE-2016-7117) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99814
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99814
    title EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1051)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1211.NASL
    description The openSUSE 13.1 kernel was updated to fix bugs and security issues. The following security bugs were fixed : - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486). - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). The following non-security bugs were fixed : - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94239
    published 2016-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94239
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1211) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1212.NASL
    description The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and security issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). The following non-security bugs were fixed : - 9p: use file_dentry() (bsc#1005101). - af_unix: Do not set err in unix_stream_read_generic unless there was an error (bsc#1005101). - alsa: hda - Fix superfluous HDMI jack repoll (bsc#1005101). - alsa: hda - Turn off loopback mixing as default (bsc#1001462). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). 
- apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm: orion5x: Fix legacy get_irqnr_and_base (bsc#1005101). - batman-adv: Fix memory leak on tt add with invalid vlan (bsc#1005101). - batman-adv: replace WARN with rate limited output on non-existing VLAN (bsc#1005101). - blacklist.conf: add some commits (bsc#1005101) - blacklist.conf: add unaplicable IB/uverbs commit (bsc#1005101) - blacklist.conf: Blacklist unsupported architectures - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroup: add seq_file forward declaration for struct cftype (bsc#1005101). 
- do 'fold checks into iterate_and_advance()' right (bsc#972460). - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005101). - drm/rockchip: unset pgoff when mmap'ing gems (bsc#1005101). - fold checks into iterate_and_advance() (bsc#972460). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681, bsc#1000907). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - hid: multitouch: force retrieving of Win8 signature blob (bsc#1005101). - input: ALPS - add touchstick support for SS5 hardware (bsc#987703). - input: ALPS - allow touchsticks to report pressure (bsc#987703). - input: ALPS - handle 0-pressure 1F events (bsc#987703). - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703). - ipip: Properly mark ipip GRO packets as encapsulated (bsc#1001486). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bsc#1005101). - kabi: hide name change of napi_gro_cb::udp_mark (bsc#1001486). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#1005101). - memcg: fix thresholds for 32b architectures (bsc#1005101). - msi-x: fix an error path (luckily none so far). - netback: fix flipping mode (bsc#996664). - netback: fix flipping mode (bsc#996664). - netem: fix a use after free (bsc#1005101). - net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration (bsc#1005101). - netfront: linearize SKBs requiring too many slots (bsc#991247). - netlink: not trim skb for mmaped socket when dump (bsc#1005101). - net_sched: fix pfifo_head_drop behavior vs backlog (bsc#1005101). - net_sched: keep backlog updated with qlen (bsc#1005101). 
- nfs: use file_dentry() (bsc#1005101). - ovl: fix open in stacked overlay (bsc#1005101). - pci: Prevent out of bounds access in numa_node override (bsc#1005101). - perf/core: Do not leak event in the syscall error path (bsc#1005101). - perf: Fix PERF_EVENT_IOC_PERIOD deadlock (bsc#1005101). - Revive iov_iter_fault_in_multipages_readable() for 4.1.34. - sch_drr: update backlog as well (bsc#1005101). - sch_hfsc: always keep backlog updated (bsc#1005101). - sch_prio: update backlog as well (bsc#1005101). - sch_qfq: keep backlog updated with qlen (bsc#1005101). - sch_red: update backlog as well (bsc#1005101). - sch_sfb: keep backlog updated with qlen (bsc#1005101). - sch_tbf: update backlog as well (bsc#1005101). - tpm: fix: return rc when devm_add_action() fails (bsc#1005101). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - Update blacklisting documentation to contain path-blacklisting - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - x86/LDT: Print the real LDT base address (bsc#1005101). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#1005101). - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - xen: Linux 4.1.28.
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94219
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94219
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1212) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2133.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. (CVE-2016-4470, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. The CVE-2016-4470 issue was discovered by David Howells (Red Hat).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94463
    published 2016-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94463
    title RHEL 6 : kernel (RHSA-2016:2133) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2124.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. Bug Fix(es) : * In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a NULL pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. (BZ#1067708) * Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. 
The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94431
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94431
    title RHEL 5 : kernel (RHSA-2016:2124) (Dirty COW)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0158.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] (CVE-2016-5195) - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] (CVE-2016-5829) - Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790158] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690302] (CVE-2016-3134) - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: add compat version of 
xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690302] (CVE-2016-3134) - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree (Ashish Samant) [Orabug: 24587406] - TTY: do not reset master's packet mode (Jiri Slaby) [Orabug: 24569399] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate (Ashish Samant) [Orabug: 24500401] - rds: skip rx/tx work when destroying connection (Wengang Wang) - Revert 'IPoIB: serialize changing on tx_outstanding' (Wengang Wang) - xen/events: document behaviour when scanning the start word for events (Dongli Zhang) [Orabug: 23083945] - xen/events: mask events when changing their VCPU binding (Dongli Zhang) [Orabug: 23083945] - xen/events: initialize local per-cpu mask for all possible events (Dongli Zhang) [Orabug: 23083945] - IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922] - NFS: Remove BUG_ON calls from the generic writeback code (Trond Myklebust) [Orabug: 22386565] - ocfs2: return non-zero st_blocks for inline data (John Haxby) - oracleasm: 
Classify device connectivity issues as global errors (Martin K. Petersen) [Orabug: 21760143] - Btrfs: fix truncation of compressed and inlined extents (Divya Indi) [Orabug: 22307286] (CVE-2015-8374) - Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307286] (CVE-2015-8374) - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682073] (CVE-2016-4997) (CVE-2016-4998) - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682071] (CVE-2016-4997) (CVE-2016-4998) - rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 22819661] - ib_core: make wait_event uninterruptible in ib_flush_fmr_pool (Avinash Repaka) [Orabug: 24525022] - net/mlx4: Support shutdown interface (Ajaykumar Hotchandani) - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] (CVE-2016-4470) - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703990] (CVE-2016-2117) - mlx4_core: add module parameter to disable background init (Mukesh Kacker) [Orabug: 23292107] - NFSv4: Don't decode fs_locations if we didn't ask for them... (Trond Myklebust) [Orabug: 23633714] - mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23050884] - offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 22521735] - fix typo/thinko in get_random_bytes (Tony Luck) [Orabug: 23726807]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94929
    published 2016-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94929
    title OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3106-1.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94155
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94155
    title Ubuntu 16.04 LTS : linux vulnerability (USN-3106-1) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3106-2.NASL
    description USN-3106-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94156
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94156
    title Ubuntu 14.04 LTS : linux-lts-xenial vulnerability (USN-3106-2) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2593-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to fix two issues. This security bug was fixed : - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94279
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94279
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2593-1) (Dirty COW)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL10558632.NASL
    description Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka 'Dirty COW.' (CVE-2016-5195)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 97306
    published 2017-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97306
    title F5 Networks BIG-IP : Linux privilege-escalation vulnerability (K10558632) (Dirty COW)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-DB4B75B352.NASL
    description The 4.7.9 stable update contains a number of important fixes across the tree. In particular, it includes a fix for CVE-2016-5195. ---- The 4.7.8 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94213
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94213
    title Fedora 24 : kernel (2016-db4b75b352) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2118.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94317
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94317
    title RHEL 7 : kernel (RHSA-2016:2118) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2107.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94315
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94315
    title RHEL 6 : MRG (RHSA-2016:2107) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3105-1.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94153
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94153
    title Ubuntu 14.04 LTS : linux vulnerability (USN-3105-1) (Dirty COW)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2105.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94292
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94292
    title CentOS 6 : kernel (CESA-2016:2105) (Dirty COW)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161024_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 94248
    published 2016-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94248
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2098.NASL
    description From Red Hat Security Advisory 2016:2098 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94247
    published 2016-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94247
    title Oracle Linux 7 : kernel (ELSA-2016-2098) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3105-2.NASL
    description USN-3105-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94154
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94154
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3105-2) (Dirty COW)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C8A0C7EECE.NASL
    description The 4.8.3 stable update contains a number of important fixes across the tree. In particular, it includes a fix for CVE-2016-5195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94861
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94861
    title Fedora 25 : kernel (2016-c8a0c7eece) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2105.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94313
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94313
    title RHEL 6 : kernel (RHSA-2016:2105) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2658-1.NASL
    description This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94325
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94325
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2658-1) (Dirty COW)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2124.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. Bug Fix(es) : * In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a NULL pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. (BZ#1067708) * Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. 
    The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94409
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94409
    title CentOS 5 : kernel (CESA-2016:2124) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2128.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. (CVE-2016-4470, Important) * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. The CVE-2016-4470 issue was discovered by David Howells (Red Hat). Enhancement(s) : * This update fixes a tape write problem by fixing the use of the sas_is_tlr_enabled API in the mpt3sas driver. The driver now checks whether Transport Layer Recovery (TLR) is enabled before enabling the MPI2_SCSIIO_CONTROL_TLR_ON flag. (BZ#1372352)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94454
    published 2016-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94454
    title RHEL 6 : kernel (RHSA-2016:2128) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2633-1.NASL
    description This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94285
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94285
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2633-1) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3107-1.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94159
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94159
    title Ubuntu 16.10 : linux vulnerability (USN-3107-1) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2127.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94453
    published 2016-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94453
    title RHEL 5 : kernel (RHSA-2016:2127) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2110.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * A Linux kernel built with the 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to stack corruption in the kernel. (CVE-2016-7039, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94316
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94316
    title RHEL 7 : kernel-rt (RHSA-2016:2110) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2657-1.NASL
    description This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94324
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94324
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2657-1) (Dirty COW)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-305-01.NASL
    description New kernel packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2017-09-25
    plugin id 94438
    published 2016-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94438
    title Slackware 14.0 / 14.1 / 14.2 / current : kernel (SSA:2016-305-01) (Dirty COW)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161025_IMPORTANT__KERNEL_ON_SL6_X.NASL
    description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 94266
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94266
    title Scientific Linux Security Update : Important: kernel on SL6.x i386/x86_64 (Dirty COW)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2098.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94254
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94254
    title CentOS 7 : kernel (CESA-2016:2098) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3104-1.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94152
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94152
    title Ubuntu 12.04 LTS : linux vulnerability (USN-3104-1) (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3634.NASL
    description Description of changes: [2.6.39-400.286.3.el6uek] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] {CVE-2016-5195}
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94225
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94225
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3634) (Dirty COW)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-670.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE-2016-5195 It was discovered that a race condition in the memory management code can be used for local privilege escalation. This does not affect kernels built with PREEMPT_RT enabled. CVE-2016-7042 Ondrej Kozina discovered that incorrect buffer allocation in the proc_keys_show() function may result in local denial of service. CVE-2016-7425 Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver which may result in local denial of service, or potentially, arbitrary code execution. For Debian 7 'Wheezy', these problems have been fixed in version 3.2.82-1. This version also includes bug fixes from upstream version 3.2.82 and updates the PREEMPT_RT featureset to version 3.2.82-rt119. For Debian 8 'Jessie', these problems have been fixed in version 3.16.36-1+deb8u2. We recommend that you upgrade your linux packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 94144
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94144
    title Debian DLA-670-1 : linux security update (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1227.NASL
    description The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
    - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570). The following non-security bugs were fixed : - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - MSI-X: fix an error path (luckily none so far). - usb: fix typo in wMaxPacketSize validation (bsc#991665).
    - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch (bsc#986570 CVE#2016-1237). - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE#2016-1237). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045). - arm64: __clear_user: handle exceptions on strb (bsc#994752). - arm64: dma-mapping: always clear allocated buffers (bsc#1004045). - arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931). - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - netback: fix flipping mode (bsc#996664). - netback: fix flipping mode (bsc#996664). - netfront: linearize SKBs requiring too many slots (bsc#991247). - nfsd: check permissions when setting ACLs (bsc#986570). - posix_acl: Add set_posix_acl (bsc#986570). - ppp: defer netns reference release for ppp channel (bsc#980371). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - x86: suppress lazy MMU updates during vmalloc fault processing (bsc#951155). - xen-netback-generalize.patch: Fold back into base patch. - xen3-patch-2.6.31.patch: Fold back into base patch. - xen3-patch-3.12.patch: Fold back into base patch. - xen3-patch-3.15.patch: Fold back into base patch. - xen3-patch-3.3.patch: Fold back into base patch. - xen3-patch-3.9.patch: Fold back into base patch.
    - xen3-patch-3.9.patch: Fold back into base patch. - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far). - xenbus: inspect the correct type in xenbus_dev_request_and_reply().
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94303
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94303
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1227) (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2124.NASL
    description From Red Hat Security Advisory 2016:2124 : An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. Bug Fix(es) : * In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a NULL pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. (BZ#1067708) * Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94429
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94429
    title Oracle Linux 5 : kernel (ELSA-2016-2124) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2636-1.NASL
    description This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94286
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94286
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2636-1) (Dirty COW)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161028_KERNEL_ON_SL5_X.NASL
    description Security Fix(es) : - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) - It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important) Bug Fix(es) : - In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a NULL pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. - Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 94432
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94432
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (Dirty COW)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3696.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. - CVE-2016-5195 It was discovered that a race condition in the memory management code can be used for local privilege escalation. - CVE-2016-7042 Ondrej Kozina discovered that incorrect buffer allocation in the proc_keys_show() function may result in local denial of service. - CVE-2016-7425 Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver which may result in local denial of service, or potentially, arbitrary code execution. Additionally this update fixes a regression introduced in DSA-3616-1 causing iptables performance issues (cf. Debian Bug #831014).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94146
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94146
    title Debian DSA-3696-1 : linux - security update (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2659-1.NASL
    description This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94326
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94326
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2659-1) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2655-1.NASL
    description This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94323
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94323
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2655-1) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2592-1.NASL
    description The SUSE Linux Enterprise 12 SP1 kernel was updated to fix two issues. This security bug was fixed : - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94278
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94278
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2592-1) (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2105.NASL
    description From Red Hat Security Advisory 2016:2105 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94264
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94264
    title Oracle Linux 6 : kernel (ELSA-2016-2105) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2126.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94452
    published 2016-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94452
    title RHEL 5 : kernel (RHSA-2016:2126) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3107-2.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94249
    published 2016-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94249
    title Ubuntu 16.10 : linux-raspi2 vulnerability (USN-3107-2) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2132.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue. Bug Fix(es) : * Previously, the BUG_ON() signal appeared in the fs_clear_inode() function where the nfs_have_writebacks() function reported a positive value for nfs_inode->npages. As a consequence, a kernel panic occurred. The provided patch performs a serialization by holding the inode i_lock over the check of PagePrivate and locking the request, which fixes this bug. (BZ#1365157)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94462
    published 2016-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94462
    title RHEL 6 : kernel (RHSA-2016:2132) (Dirty COW)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0149.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - mm: remove gup_flags FOLL_WRITE games from __get_user_pages (Linus Torvalds) [Orabug: 24927306] (CVE-2016-5195) - drivers/nvme: provide a module parameter for setting number of I/O queues (Shan Hai) [Orabug: 24914956] - blk-mq: improve warning for running a queue on the wrong CPU (Jens Axboe) [Orabug: 24914956] - blk-mq: fix freeze queue race (Shan Hai) [Orabug: 24914956]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94228
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94228
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0149) (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3632.NASL
    description Description of changes: kernel-uek [4.1.12-61.1.16.el7uek] - mm: remove gup_flags FOLL_WRITE games from __get_user_pages() (Linus Torvalds) [Orabug: 24927306] {CVE-2016-5195} [4.1.12-61.1.15.el7uek] - drivers/nvme: provide a module parameter for setting number of I/O queues (Shan Hai) [Orabug: 24914956] - blk-mq: improve warning for running a queue on the wrong CPU (Jens Axboe) [Orabug: 24914956] - blk-mq: fix freeze queue race (Shan Hai) [Orabug: 24914956]
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94223
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94223
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3632) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2098.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94230
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94230
    title RHEL 7 : kernel (RHSA-2016:2098) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2120.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94348
    published 2016-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94348
    title RHEL 6 : kernel (RHSA-2016:2120) (Dirty COW)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0150.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928591] (CVE-2016-5195)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94229
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94229
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0150) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2585-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed : - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94276
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94276
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2585-1) (Dirty COW)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3106-3.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94157
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94157
    title Ubuntu 16.04 LTS : linux-raspi2 vulnerability (USN-3106-3) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2632-1.NASL
    description This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94284
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94284
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2632-1) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3106-4.NASL
    description It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 94158
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94158
    title Ubuntu 16.04 LTS : linux-snapdragon vulnerability (USN-3106-4) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2614-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to fix one security issue. This security bug was fixed : - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94281
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94281
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2614-1) (Dirty COW)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C3558808CD.NASL
    description The 4.7.9 stable update contains a number of important fixes across the tree. In particular, it includes a fix for CVE-2016-5195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94212
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94212
    title Fedora 23 : kernel (2016-c3558808cd) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2106.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94314
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94314
    title RHEL 6 : kernel (RHSA-2016:2106) (Dirty COW)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-757.NASL
    description A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (Updated 2016-11-10: This advisory was upgraded to Critical.)
    last seen 2019-02-21
    modified 2018-04-19
    plugin id 94182
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94182
    title Amazon Linux AMI : kernel (ALAS-2016-757) (Dirty COW)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3633.NASL
    description Description of changes: kernel-uek [3.8.13-118.13.3.el7uek] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928591] {CVE-2016-5195}
    last seen 2019-02-21
    modified 2017-01-16
    plugin id 94224
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94224
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3633) (Dirty COW)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2596-1.NASL
    description The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to fix one security issue. This security bug was fixed : - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94280
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94280
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2596-1) (Dirty COW)
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 1384344
    title CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098023
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098027
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098015
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098009
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098017
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098013
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098025
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098011
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098029
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098033
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098031
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098021
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-327.36.3.el7
          oval oval:com.redhat.rhsa:tst:20162098019
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111530020
    rhsa
    id RHSA-2016:2098
    released 2016-10-24
    severity Important
    title RHSA-2016:2098: kernel security update (Important)
  • bugzilla
    id 1384344
    title CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105015
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105005
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105029
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105023
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105017
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105019
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105009
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-firmware is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105007
        • comment kernel-firmware is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842026
      • AND
        • comment kernel-headers is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105025
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105027
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105021
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment perf is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105011
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:2.6.32-642.6.2.el6
          oval oval:com.redhat.rhsa:tst:20162105013
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111530020
    rhsa
    id RHSA-2016:2105
    released 2016-10-25
    severity Important
    title RHSA-2016:2105: kernel security update (Important)
  • bugzilla
    id 1384344
    title CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124016
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124022
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099019
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124024
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099017
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124008
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993007
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124010
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993013
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124014
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099011
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124002
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099021
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124018
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099015
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124020
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099013
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124006
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099007
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-416.el5
          oval oval:com.redhat.rhsa:tst:20162124012
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099009
    rhsa
    id RHSA-2016:2124
    released 2016-10-28
    severity Important
    title RHSA-2016:2124: kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2016:2106
  • rhsa
    id RHSA-2016:2107
  • rhsa
    id RHSA-2016:2110
  • rhsa
    id RHSA-2016:2118
  • rhsa
    id RHSA-2016:2120
  • rhsa
    id RHSA-2016:2126
  • rhsa
    id RHSA-2016:2127
  • rhsa
    id RHSA-2016:2128
  • rhsa
    id RHSA-2016:2132
  • rhsa
    id RHSA-2016:2133
  • rhsa
    id RHSA-2017:0372
rpms
  • kernel-0:3.10.0-327.36.3.el7
  • kernel-abi-whitelists-0:3.10.0-327.36.3.el7
  • kernel-bootwrapper-0:3.10.0-327.36.3.el7
  • kernel-debug-0:3.10.0-327.36.3.el7
  • kernel-debug-devel-0:3.10.0-327.36.3.el7
  • kernel-devel-0:3.10.0-327.36.3.el7
  • kernel-doc-0:3.10.0-327.36.3.el7
  • kernel-headers-0:3.10.0-327.36.3.el7
  • kernel-kdump-0:3.10.0-327.36.3.el7
  • kernel-kdump-devel-0:3.10.0-327.36.3.el7
  • kernel-tools-0:3.10.0-327.36.3.el7
  • kernel-tools-libs-0:3.10.0-327.36.3.el7
  • kernel-tools-libs-devel-0:3.10.0-327.36.3.el7
  • perf-0:3.10.0-327.36.3.el7
  • python-perf-0:3.10.0-327.36.3.el7
  • kernel-0:2.6.32-642.6.2.el6
  • kernel-abi-whitelists-0:2.6.32-642.6.2.el6
  • kernel-bootwrapper-0:2.6.32-642.6.2.el6
  • kernel-debug-0:2.6.32-642.6.2.el6
  • kernel-debug-devel-0:2.6.32-642.6.2.el6
  • kernel-devel-0:2.6.32-642.6.2.el6
  • kernel-doc-0:2.6.32-642.6.2.el6
  • kernel-firmware-0:2.6.32-642.6.2.el6
  • kernel-headers-0:2.6.32-642.6.2.el6
  • kernel-kdump-0:2.6.32-642.6.2.el6
  • kernel-kdump-devel-0:2.6.32-642.6.2.el6
  • perf-0:2.6.32-642.6.2.el6
  • python-perf-0:2.6.32-642.6.2.el6
  • kernel-rt-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-doc-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-0:2.6.18-416.el5
  • kernel-PAE-0:2.6.18-416.el5
  • kernel-PAE-devel-0:2.6.18-416.el5
  • kernel-debug-0:2.6.18-416.el5
  • kernel-debug-devel-0:2.6.18-416.el5
  • kernel-devel-0:2.6.18-416.el5
  • kernel-doc-0:2.6.18-416.el5
  • kernel-headers-0:2.6.18-416.el5
  • kernel-kdump-0:2.6.18-416.el5
  • kernel-kdump-devel-0:2.6.18-416.el5
  • kernel-xen-0:2.6.18-416.el5
  • kernel-xen-devel-0:2.6.18-416.el5
  • kernel-0:4.5.0-15.2.1.el7
  • kernel-debug-0:4.5.0-15.2.1.el7
  • kernel-debug-devel-0:4.5.0-15.2.1.el7
  • kernel-devel-0:4.5.0-15.2.1.el7
  • kernel-headers-0:4.5.0-15.2.1.el7
  • kernel-tools-0:4.5.0-15.2.1.el7
  • kernel-tools-libs-0:4.5.0-15.2.1.el7
  • kernel-tools-libs-devel-0:4.5.0-15.2.1.el7
  • perf-0:4.5.0-15.2.1.el7
  • python-perf-0:4.5.0-15.2.1.el7
refmap via4
bid 93793
cert-vn VU#243144
confirm
exploit-db
  • 40611
  • 40616
  • 40839
  • 40847
misc
mlist [oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
sectrack 1037078
saint via4
bid 93793
description Linux Dirty COW Local File Overwrite
id misc_linuxkernel
title linux_dirty_cow_local_file_overwrite
type tool
the hacker news via4
vmware via4
description The Linux kernel which ships with the base operating system of VMware Appliances contains a race condition in the way its memory subsystem handles copy-on-write (aka “Dirty COW”). Successful exploitation of the vulnerability may allow for local privilege escalation. The product lines listed in this advisory have been confirmed to be affected. VMware product lines that are not affected are documented in VMware Knowledge Base article 2147515.
id VMSA-2016-0018
last_updated 2016-11-22T00:00:00
published 2016-11-09T00:00:00
title VMware product updates address local privilege escalation vulnerability in Linux kernel
workaround None
Last major update 09-05-2017 - 21:29
Published 10-11-2016 - 16:59
Last modified 22-04-2019 - 13:48