CVE-2016-5195

Current Description

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Basic Data

PublishedNovember 10, 2016
Last ModifiedFebruary 17, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-362
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.8
CVSS 3 - Base SeverityHIGH
Exploitability Score1.8
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Core15.04*******
    2.3OSCanonicalUbuntu Linux12.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********2.0.04.8.3
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatEnterprise Linux5*******
    2.3OSRedhatEnterprise Linux6.0*******
    2.3OSRedhatEnterprise Linux7.0*******
    2.3OSRedhatEnterprise Linux Aus6.2*******
    2.3OSRedhatEnterprise Linux Aus6.4*******
    2.3OSRedhatEnterprise Linux Aus6.5*******
    2.3OSRedhatEnterprise Linux Eus6.6*******
    2.3OSRedhatEnterprise Linux Eus6.7*******
    2.3OSRedhatEnterprise Linux Eus7.1*******
    2.3OSRedhatEnterprise Linux Long Life5.6*******
    2.3OSRedhatEnterprise Linux Long Life5.9*******
    2.3OSRedhatEnterprise Linux Tus6.5*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux7.0*******
    2.3OSDebianDebian Linux8.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 7.0, 8.0
Canonical Ubuntu Core 15.04
Canonical Ubuntu Linux 12.04, 16.04
Redhat Enterprise Linux Eus 6.6, 6.7, 7.1
Redhat Enterprise Linux 5, 6.0, 7.0
Redhat Enterprise Linux Aus 6.2, 6.4, 6.5
Redhat Enterprise Linux Long Life 5.6, 5.9
Redhat Enterprise Linux Tus 6.5
Linux Linux Kernel *

References

NameSourceURLTags
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bCONFIRMIssue Tracking Patch Vendor Advisory
openSUSE-SU-2020:0554http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.htmlSUSE
RHSA-2016:2098http://rhn.redhat.com/errata/RHSA-2016-2098.htmlREDHATThird Party Advisory
RHSA-2016:2105http://rhn.redhat.com/errata/RHSA-2016-2105.htmlREDHATThird Party Advisory
RHSA-2016:2106http://rhn.redhat.com/errata/RHSA-2016-2106.htmlREDHATThird Party Advisory
RHSA-2016:2107http://rhn.redhat.com/errata/RHSA-2016-2107.htmlREDHATThird Party Advisory
RHSA-2016:2110http://rhn.redhat.com/errata/RHSA-2016-2110.htmlREDHATThird Party Advisory
RHSA-2016:2118http://rhn.redhat.com/errata/RHSA-2016-2118.htmlREDHATThird Party Advisory
RHSA-2016:2120http://rhn.redhat.com/errata/RHSA-2016-2120.htmlREDHATThird Party Advisory
RHSA-2016:2124http://rhn.redhat.com/errata/RHSA-2016-2124.htmlREDHATThird Party Advisory
RHSA-2016:2126http://rhn.redhat.com/errata/RHSA-2016-2126.htmlREDHATThird Party Advisory
RHSA-2016:2127http://rhn.redhat.com/errata/RHSA-2016-2127.htmlREDHATThird Party Advisory
RHSA-2016:2128http://rhn.redhat.com/errata/RHSA-2016-2128.htmlREDHATThird Party Advisory
RHSA-2016:2132http://rhn.redhat.com/errata/RHSA-2016-2132.htmlREDHATThird Party Advisory
RHSA-2016:2133http://rhn.redhat.com/errata/RHSA-2016-2133.htmlREDHATThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3CONFIRMRelease Notes Vendor Advisory
[oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerabilityhttp://www.openwall.com/lists/oss-security/2016/10/26/7MLISTMailing List Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMPatch Third Party Advisory
93793http://www.securityfocus.com/bid/93793BIDThird Party Advisory VDB Entry
1037078http://www.securitytracker.com/id/1037078SECTRACKThird Party Advisory VDB Entry
RHSA-2017:0372https://access.redhat.com/errata/RHSA-2017:0372REDHATThird Party Advisory
https://access.redhat.com/security/cve/cve-2016-5195https://access.redhat.com/security/cve/cve-2016-5195CONFIRMThird Party Advisory
https://access.redhat.com/security/vulnerabilities/2706661https://access.redhat.com/security/vulnerabilities/2706661CONFIRMThird Party Advisory
https://bto.bluecoat.com/security-advisory/sa134https://bto.bluecoat.com/security-advisory/sa134CONFIRMThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1384344https://bugzilla.redhat.com/show_bug.cgi?id=1384344CONFIRMIssue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1004418https://bugzilla.suse.com/show_bug.cgi?id=1004418CONFIRMIssue Tracking Third Party Advisory
https://dirtycow.ninjahttps://dirtycow.ninjaMISCThird Party Advisory
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCshttps://github.com/dirtycow/dirtycow.github.io/wiki/PoCsMISCThird Party Advisory
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetailshttps://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetailsMISCThird Party Advisory
https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619CONFIRMIssue Tracking Patch Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_usCONFIRMThird Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_usCONFIRMThird Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_usCONFIRMThird Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_usCONFIRMThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463CONFIRMThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541CONFIRMThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241CONFIRMThird Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+VuCONFIRMThird Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10176https://kc.mcafee.com/corporate/index?page=content&id=SB10176CONFIRMThird Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.htmlhttps://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.htmlCONFIRMThird Party Advisory
https://security.netapp.com/advisory/ntap-20161025-0001/https://security.netapp.com/advisory/ntap-20161025-0001/CONFIRMThird Party Advisory
https://security.paloaltonetworks.com/CVE-2016-5195https://security.paloaltonetworks.com/CVE-2016-5195CONFIRM
https://security-tracker.debian.org/tracker/CVE-2016-5195https://security-tracker.debian.org/tracker/CVE-2016-5195CONFIRMIssue Tracking Third Party Advisory
https://source.android.com/security/bulletin/2016-11-01.htmlhttps://source.android.com/security/bulletin/2016-11-01.htmlCONFIRMThird Party Advisory
https://source.android.com/security/bulletin/2016-12-01.htmlhttps://source.android.com/security/bulletin/2016-12-01.htmlCONFIRMThird Party Advisory
40611https://www.exploit-db.com/exploits/40611/EXPLOIT-DBThird Party Advisory VDB Entry
40616https://www.exploit-db.com/exploits/40616/EXPLOIT-DBThird Party Advisory VDB Entry
40839https://www.exploit-db.com/exploits/40839/EXPLOIT-DBThird Party Advisory VDB Entry
40847https://www.exploit-db.com/exploits/40847/EXPLOIT-DBThird Party Advisory VDB Entry
VU#243144https://www.kb.cert.org/vuls/id/243144CERT-VNThird Party Advisory US Government Resource