Date: Fri, 21 Oct 2016 02:31:04 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Hi, This was brought to the linux-distros list (and briefly inadvertently to the distros list, although discussion continued on linux-distros only) on October 13 and it was made public yesterday, so it must be in here as well. Unfortunately, no one posted about it in here so far (the person who brought this to [linux-]distros must have done so!), and I don't have time to make a proper posting (with full detail in the message itself, as per oss-security list content guidelines), but I figured it's better for me to post something than nothing at all. Red Hat's description: "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." https://access.redhat.com/security/cve/cve-2016-5195 https://bugzilla.redhat.com/show_bug.cgi?id=1384344 https://security-tracker.debian.org/tracker/CVE-2016-5195 http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 https://lkml.org/lkml/2016/10/19/860 https://dirtycow.ninja https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails https://twitter.com/DirtyCOWVuln Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ