Zero-day vulnerability in Linux kernel

Privilege escalation
CVE-2016-5195

The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.

Vulnerability details

Advisory: SB2016101901 - Privilege escalation in Linux kernel

Vulnerable component: Linux kernel

CVE-ID: CVE-2016-5195

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description:

The vulnerability allows a local user to obtain elevated privileges on the target system.
The weakness is due to a race condition in the kernel memory subsystem's management of copy-on-write operations on read-only memory mappings, which lets attackers overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits:

Latest references in media:

- Links 27/11/2018: GCC 7.4 Coming Soon and a Rare ‘Supply Chain’ Incident [2018-11-27 20:31:43]

- Linux mining software could steal passwords and disable antivirus [2018-11-27 01:41:16]

- Experts found a new powerful modular Linux cryptominer [2018-11-26 10:20:15]

- Links 25/11/2018: DXVK 0.93 and Frogr 1.5 Released [2018-11-25 08:01:27]

- New Linux crypto-miner steals your root password and disables your antivirus | ZDNet [2018-11-23 21:10:09]

- New Crypto Malware Spreading that Infects Linux Machines [2018-11-23 02:51:02]

- Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software [2018-11-12 10:41:04]

- Cisco Accidentally Released Dirty Cow Exploit Code in Software [2018-11-08 18:40:09]

- All Day Devops: How to Secure Docker Containers [2018-09-26 16:01:11]

- OpenWall unveils kernel protection project [2018-02-05 09:10:01]

- LKRG: Linux to Get a Loadable Kernel Module for Runtime Integrity Checking [2018-02-04 12:40:51]

- Dirty COW redux: Linux devs patch botched patch for 2016 mess [2017-12-04 03:10:01]

- Researchers discover a vulnerability in the DIRTY COW original patch [2017-12-01 21:43:39]

- Flaw Found In Dirty COW Patch [2017-12-01 17:51:22]

- Many Vulnerabilities Found in Linux USB Subsystem [2017-11-08 17:21:13]

- Android malware ZNIU exploits DirtyCOW vulnerability [2017-09-29 15:00:56]

- ZNIU, the first Android malware family to exploit the Dirty COW vulnerability [2017-09-27 07:30:14]

- Android Malware Exploits Dirty COW Vulnerability [2017-09-26 18:12:09]

- Researchers Found First-Ever Android Malware that Exploits Dirty COW Linux Kernel Vulnerability to Gain Root Privileges [2017-09-26 16:00:18]

- Dirty Cow vulnerability discovered in Android malware campaign for the first time | ZDNet [2017-09-26 12:50:04]

- First Android Malware Discovered Using Dirty COW Exploit [2017-09-26 10:42:41]

- ZNIU: First Android Malware to Exploit Dirty COW Vulnerability [2017-09-26 05:10:24]

- Most vulnerabilities first blabbed about online or on the dark web [2017-06-08 12:00:01]

- For timely vulnerability information, unofficial sources are a better bet [2017-06-07 16:40:25]

- Another Years-Old Flaw Fixed in the Linux Kernel [2017-03-16 15:41:08]

- Linux Project Patches 11-Year-Old Security Flaw That Gives Attackers Root Access [2017-02-23 11:00:45]

- In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope [2017-01-19 00:07:10]

- Docker Patches Container Escape Vulnerability [2017-01-19 00:07:07]

- Remote Code Execution Bug Found in Ubuntu Quantal [2016-12-16 17:20:20]

- How to Find and Remediate Vulnerabilities in Real Time [2016-12-08 14:01:47]

- Don't have a (Dirty) COW, man: Android gets kernel hijack patch [2016-12-07 21:40:20]

- Researchers Devise New Dirty COW Attack Against Android [2016-12-07 15:44:49]

- New Flavor of Dirty COW Attack Discovered, Patched [2016-12-07 02:49:50]

- Google Patches 74 Vulnerabilities in Android [2016-12-06 23:04:23]

- Dirty Cow Vulnerability Patched in Android Security Bulletin [2016-12-05 21:34:23]

- CVE-2016-7461 code execution flaw affects VMware Workstation [2016-11-15 07:15:24]

- Hackers Find Code Execution Flaw in VMware Workstation [2016-11-14 14:33:59]

- November's Android Security Bulletin Patches Drammer and Dirty COW Exploits [2016-11-08 20:46:01]

- Google Releases Supplemental Patch for Dirty Cow Vulnerability [2016-11-08 19:44:35]

- Google Washes Dirty COW From Android [2016-11-08 18:34:20]

- Google Patches 23 Critical Vulnerabilities in Android [2016-11-08 14:33:42]

- Containers Can't Fence Dirty COW Vulnerability [2016-11-02 18:04:01]

- DirtyCow and Drammer vulnerabilities let attackers root or hijack Android devices [2016-11-02 00:24:17]

- Docker user? Haven't patched Dirty COW yet? Bad news … [2016-11-01 06:10:01]

- Cisco Patches 9 Flaws in Email Security Appliance [2016-10-27 09:54:30]

- DirtyCOW Linux hole works on Android too – “root at will” [2016-10-25 18:35:04]

- Android Root Exploits Abuse Dirty COW Vulnerability [2016-10-25 16:43:50]

- Easy-to-exploit rooting flaw puts Linux computers at risk [2016-10-21 18:33:42]

- Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know [2016-10-21 18:14:35]

- Easy-to-exploit rooting flaw puts Linux computers at risk [2016-10-21 17:39:41]

- Serious Dirty Cow Linux Vulnerability Under Attack [2016-10-21 17:23:47]

- Dirty COW Linux kernel zero-day exploited in the wild is now patched [2016-10-21 15:43:33]

- Dirty COW is a privilege escalation vulnerability (CVE-2016-5195) in the Linux Kernel. [2016-10-21 12:09:18]

- The new Dirty COW Linux Kernel Exploit already used in attacks in the wild [2016-10-21 09:43:29]

- Dirty COW explained: Get a moooo-ve on and patch Linux root hole [2016-10-21 04:30:01]

- "Dirty COW" Linux Kernel Exploit Seen in the Wild [2016-10-20 16:52:45]
