Vulnerability Description
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Linux | Linux Kernel | >= 2.6.22, < 3.2.83 |
| Redhat | Enterprise Linux | 5 |
| Redhat | Enterprise Linux Aus | 6.2 |
| Redhat | Enterprise Linux Eus | 6.6 |
| Redhat | Enterprise Linux Long Life | 5.6 |
| Redhat | Enterprise Linux Tus | 6.5 |
| Debian | Debian Linux | 7.0 |
| Fedoraproject | Fedora | 23 |
| Paloaltonetworks | Pan-Os | >= 5.1, < 7.0.14 |
| Netapp | Cloud Backup | - |
| Netapp | Hci Storage Nodes | - |
| Netapp | Oncommand Balance | - |
| Netapp | Oncommand Performance Manager | - |
| Netapp | Oncommand Unified Manager For Clustered Data Ontap | - |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Snapprotect | - |
| Netapp | Solidfire | - |
Related Weaknesses (CWE)
References
- http://fortiguard.com/advisory/FG-IR-16-063Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eIssue TrackingPatchVendor Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.htmlMailing List
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.htmlMailing List
FAQ
What is CVE-2016-5195?
CVE-2016-5195 is a vulnerability with a CVSS score of 7.0 (HIGH). Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-o...
How severe is CVE-2016-5195?
CVE-2016-5195 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5195?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Eus.