REDHAT-BUG-1384344: Race Condition
First published: Thu Oct 13 2016(Updated: )
A race condition was found in the way Linux kernel's memory subsystem handled breakage of the read only private mappings COW situation on write access. An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system. Red Hat is aware of this issue and if you have questions about the affectedness of your system please contact Red Hat Support. For additional information see <a href="https://access.redhat.com/security/vulnerabilities/2706661">https://access.redhat.com/security/vulnerabilities/2706661</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/vulnerabilities/2706661
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c13
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1387080
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c21
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c23
- http://debuginfo.centos.org
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c31
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c32
- https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c36
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c37
- https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/
- https://github.com/pgporada/ansible-role-cve
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c26
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c24
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c40
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c30
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c46
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c42
- http://lists.openwall.net/linux-kernel/2011/03/03/54
- https://rhn.redhat.com/errata/RHSA-2016-2098.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c49
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c53
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c52
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c35
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c60
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c61
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c63
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c64
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c65
- http://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-642.6.2.el6.src.rpm
- http://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c68
- http://access.redhat.com/
- https://rhn.redhat.com/errata/RHSA-2016-2106.html
- https://rhn.redhat.com/errata/RHSA-2016-2107.html
- https://rhn.redhat.com/errata/RHSA-2016-2105.html
- https://rhn.redhat.com/errata/RHSA-2016-2110.html
- https://rhn.redhat.com/errata/RHSA-2016-2118.html
- https://rhn.redhat.com/errata/RHSA-2016-2120.html
- https://rhn.redhat.com/errata/RHSA-2016-2124.html
- https://rhn.redhat.com/errata/RHSA-2016-2127.html
- https://rhn.redhat.com/errata/RHSA-2016-2126.html
- https://rhn.redhat.com/errata/RHSA-2016-2128.html
- https://rhn.redhat.com/errata/RHSA-2016-2133.html
- https://rhn.redhat.com/errata/RHSA-2016-2132.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1384344#c94
- https://access.redhat.com/security/team/contact/
- https://rhn.redhat.com/errata/RHSA-2017-0372.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
Frequently Asked Questions
What is the severity of REDHAT-BUG-1384344?
The severity of REDHAT-BUG-1384344 is classified as high due to the potential for unprivileged users to escalate their privileges.
How do I fix REDHAT-BUG-1384344?
To fix REDHAT-BUG-1384344, you need to update your kernel to the latest version provided by Red Hat that addresses this vulnerability.
What are the risks of not addressing REDHAT-BUG-1384344?
Not addressing REDHAT-BUG-1384344 could lead to unprivileged users gaining unauthorized write access to read-only memory mappings, compromising system integrity.
Who is affected by REDHAT-BUG-1384344?
REDHAT-BUG-1384344 affects systems running specific versions of the Red Hat Linux kernel where this vulnerability exists.
Is REDHAT-BUG-1384344 a remote vulnerability?
No, REDHAT-BUG-1384344 is not a remote vulnerability; it requires local access for exploitation.
- agent/references
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-5195
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat linux