CVE-2016-5195: Linux Kernel Race Condition Vulnerability
First published: Thu Oct 13 2016(Updated: )
A race condition was found in the way Linux kernel's memory subsystem handled breakage of the read only private mappings COW situation on write access. An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system. Red Hat is aware of this issue and if you have questions about the affectedness of your system please contact Red Hat Support. For additional information see <a href="https://access.redhat.com/security/vulnerabilities/2706661">https://access.redhat.com/security/vulnerabilities/2706661</a>
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Android | ||
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =16.10 | |
| Linux Kernel | >=2.6.22<3.2.83 | |
| Linux Kernel | >=3.3<3.4.113 | |
| Linux Kernel | >=3.5<3.10.104 | |
| Linux Kernel | >=3.11<3.12.66 | |
| Linux Kernel | >=3.13<3.16.38 | |
| Linux Kernel | >=3.17<3.18.44 | |
| Linux Kernel | >=3.19<4.1.35 | |
| Linux Kernel | >=4.2<4.4.26 | |
| Linux Kernel | >=4.5<4.7.9 | |
| Linux Kernel | >=4.8<4.8.3 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| redhat enterprise linux aus | =6.2 | |
| redhat enterprise linux aus | =6.4 | |
| redhat enterprise linux aus | =6.5 | |
| redhat enterprise Linux eus | =6.6 | |
| redhat enterprise Linux eus | =6.7 | |
| redhat enterprise Linux eus | =7.1 | |
| Red Hat Enterprise Linux | =5.6 | |
| Red Hat Enterprise Linux | =5.9 | |
| redhat enterprise linux tus | =6.5 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Fedora | =23 | |
| Fedora | =24 | |
| Fedora | =25 | |
| Palo Alto Networks PAN-OS | >=5.1<7.0.14 | |
| Palo Alto Networks PAN-OS | >=7.1.0<7.1.8 | |
| netapp cloud backup | ||
| NetApp HCI Storage Nodes | ||
| NetApp OnCommand Balance | ||
| NetApp OnCommand Performance Manager | ||
| NetApp OnCommand Unified Manager | ||
| NetApp ONTAP Select Deploy | ||
| NetApp SnapProtect | ||
| netapp solidfire |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://fortiguard.com/advisory/FG-IR-16-063
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- http://rhn.redhat.com/errata/RHSA-2016-2098.html
- http://rhn.redhat.com/errata/RHSA-2016-2105.html
- http://rhn.redhat.com/errata/RHSA-2016-2106.html
- http://rhn.redhat.com/errata/RHSA-2016-2107.html
- http://rhn.redhat.com/errata/RHSA-2016-2110.html
- http://rhn.redhat.com/errata/RHSA-2016-2118.html
- http://rhn.redhat.com/errata/RHSA-2016-2120.html
- http://rhn.redhat.com/errata/RHSA-2016-2124.html
- http://rhn.redhat.com/errata/RHSA-2016-2126.html
- http://rhn.redhat.com/errata/RHSA-2016-2127.html
- http://rhn.redhat.com/errata/RHSA-2016-2128.html
- http://rhn.redhat.com/errata/RHSA-2016-2132.html
- http://rhn.redhat.com/errata/RHSA-2016-2133.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
- http://www.debian.org/security/2016/dsa-3696
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- http://www.openwall.com/lists/oss-security/2016/10/21/1
- http://www.openwall.com/lists/oss-security/2016/10/26/7
- http://www.openwall.com/lists/oss-security/2016/10/27/13
- http://www.openwall.com/lists/oss-security/2016/10/30/1
- http://www.openwall.com/lists/oss-security/2016/11/03/7
- http://www.openwall.com/lists/oss-security/2022/03/07/1
- http://www.openwall.com/lists/oss-security/2022/08/08/1
- http://www.openwall.com/lists/oss-security/2022/08/08/2
- http://www.openwall.com/lists/oss-security/2022/08/08/7
- http://www.openwall.com/lists/oss-security/2022/08/08/8
- http://www.openwall.com/lists/oss-security/2022/08/09/4
- http://www.openwall.com/lists/oss-security/2022/08/15/1
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/bid/93793
- http://www.securitytracker.com/id/1037078
- http://www.ubuntu.com/usn/USN-3104-1
- http://www.ubuntu.com/usn/USN-3104-2
- http://www.ubuntu.com/usn/USN-3105-1
- http://www.ubuntu.com/usn/USN-3105-2
- http://www.ubuntu.com/usn/USN-3106-1
- http://www.ubuntu.com/usn/USN-3106-2
- http://www.ubuntu.com/usn/USN-3106-3
- http://www.ubuntu.com/usn/USN-3106-4
- http://www.ubuntu.com/usn/USN-3107-1
- http://www.ubuntu.com/usn/USN-3107-2
- https://access.redhat.com/errata/RHSA-2017:0372
- https://access.redhat.com/security/cve/cve-2016-5195
- https://access.redhat.com/security/vulnerabilities/2706661
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://dirtycow.ninja
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://security.netapp.com/advisory/ntap-20161025-0001/
- https://security.paloaltonetworks.com/CVE-2016-5195
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-12-01.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- https://www.exploit-db.com/exploits/40611/
- https://www.exploit-db.com/exploits/40616/
- https://www.exploit-db.com/exploits/40839/
- https://www.exploit-db.com/exploits/40847/
- https://www.kb.cert.org/vuls/id/243144
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- https://launchpad.net/bugs/cve/CVE-2016-5195
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c13
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1387080
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c21
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c23
- http://debuginfo.centos.org
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c31
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c32
- https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c36
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c37
- https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/
- https://github.com/pgporada/ansible-role-cve
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c26
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c24
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c40
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c30
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c46
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c42
- http://lists.openwall.net/linux-kernel/2011/03/03/54
- https://rhn.redhat.com/errata/RHSA-2016-2098.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c49
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c53
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c52
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c35
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c60
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c61
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c63
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c64
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c65
- http://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-642.6.2.el6.src.rpm
- http://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c68
- http://access.redhat.com/
- https://rhn.redhat.com/errata/RHSA-2016-2106.html
- https://rhn.redhat.com/errata/RHSA-2016-2107.html
- https://rhn.redhat.com/errata/RHSA-2016-2105.html
- https://rhn.redhat.com/errata/RHSA-2016-2110.html
- https://rhn.redhat.com/errata/RHSA-2016-2118.html
- https://rhn.redhat.com/errata/RHSA-2016-2120.html
- https://rhn.redhat.com/errata/RHSA-2016-2124.html
- https://rhn.redhat.com/errata/RHSA-2016-2127.html
- https://rhn.redhat.com/errata/RHSA-2016-2126.html
- https://rhn.redhat.com/errata/RHSA-2016-2128.html
- https://rhn.redhat.com/errata/RHSA-2016-2133.html
- https://rhn.redhat.com/errata/RHSA-2016-2132.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c94
- https://access.redhat.com/security/team/contact/
- https://rhn.redhat.com/errata/RHSA-2017-0372.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
- https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1
- https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354
- https://source.android.com/docs/security/bulletin/2016-11-01 (Advisory)
- https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://nvd.nist.gov/vuln/detail/CVE-2016-5195
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
- https://ubuntu.com/security/CVE-2016-5195
Frequently Asked Questions
What is the severity of CVE-2016-5195?
CVE-2016-5195 is considered a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2016-5195?
To fix CVE-2016-5195, update your Linux kernel to a version that has addressed this vulnerability.
Which Linux kernel versions are affected by CVE-2016-5195?
CVE-2016-5195 affects multiple versions of the Linux kernel from 2.6.22 up to version 4.8.3.
Can unprivileged users exploit CVE-2016-5195?
Yes, unprivileged local users can exploit CVE-2016-5195 to gain unauthorized write access to read-only memory mappings.
What systems are impacted by CVE-2016-5195?
CVE-2016-5195 impacts various systems, including Ubuntu, Red Hat Enterprise Linux, and Debian.
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/title
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-5195
- agent/severity
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/android-source
- source/Android
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- package-manager/debian
- vendor/google
- canonical/android
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/16.10
- version/linux kernel/2.6.22
- version/linux kernel/3.3
- version/linux kernel/3.5
- version/linux kernel/3.11
- version/linux kernel/3.13
- version/linux kernel/3.17
- version/linux kernel/3.19
- version/linux kernel/4.2
- version/linux kernel/4.5
- version/linux kernel/4.8
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- canonical/redhat enterprise linux aus
- version/redhat enterprise linux aus/6.2
- version/redhat enterprise linux aus/6.4
- version/redhat enterprise linux aus/6.5
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.6
- version/redhat enterprise linux eus/6.7
- version/redhat enterprise linux eus/7.1
- version/red hat enterprise linux/5.6
- version/red hat enterprise linux/5.9
- canonical/redhat enterprise linux tus
- version/redhat enterprise linux tus/6.5
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/23
- version/fedora/24
- version/fedora/25
- vendor/paloaltonetworks
- canonical/palo alto networks pan-os
- version/palo alto networks pan-os/5.1
- version/palo alto networks pan-os/7.1.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp hci storage nodes
- canonical/netapp oncommand balance
- canonical/netapp oncommand performance manager
- canonical/netapp oncommand unified manager
- canonical/netapp ontap select deploy
- canonical/netapp snapprotect
- canonical/netapp solidfire