canonical ubuntu-linux CVE-2016-5195 vulnerability in Canonical and Other Products
Published on November 10, 2016

product logo product logo product logo product logo
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Linux Kernel Race Condition Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

The following remediation steps are recommended / required by March 24, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2016-5195 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2016-5195 has been classified to as a Race Condition vulnerability or weakness.


Products Associated with CVE-2016-5195

You can be notified by stack.watch whenever vulnerabilities like CVE-2016-5195 are published in these products:

Canonical Ubuntu Linux
 
Canonical Ubuntu Core
 
Linux Kernel
 
Red Hat Enterprise Linux Long Life
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Aus
 
Red Hat Enterprise Linux Tus
 
Debian Linux
 

What versions are vulnerable to CVE-2016-5195?