Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2016-5195

Disclosure Date: November 10, 2016
CVE-2016-5195 CVSS v3 Base Score: 7.0
Exploited in the Wild
Reported by gwillcox-r7
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”

Add Assessment

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.0 High
Impact Score:
5.9
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • linux,
  • netapp,
  • paloaltonetworks,
  • redhat

Products

  • cloud backup -,
  • debian linux 7.0,
  • debian linux 8.0,
  • enterprise linux 5,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • enterprise linux aus 6.2,
  • enterprise linux aus 6.4,
  • enterprise linux aus 6.5,
  • enterprise linux eus 6.6,
  • enterprise linux eus 6.7,
  • enterprise linux eus 7.1,
  • enterprise linux long life 5.6,
  • enterprise linux long life 5.9,
  • enterprise linux tus 6.5,
  • fedora 23,
  • fedora 24,
  • fedora 25,
  • hci storage nodes -,
  • linux kernel,
  • oncommand balance -,
  • oncommand performance manager -,
  • oncommand unified manager for clustered data ontap -,
  • ontap select deploy administration utility -,
  • pan-os,
  • snapprotect -,
  • solidfire -,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 16.10

Exploited in the Wild

Reported by:

References

Canonical
CVE-2016-5195 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195)
BID-93793 (http://www.securityfocus.com/bid/93793)
Advisory
http://rhn.redhat.com/errata/RHSA-2016-2107.html
EXPLOIT-DB-40616 (https://www.exploit-db.com/exploits/40616)
https://access.redhat.com/errata/RHSA-2017:0372
https://bto.bluecoat.com/security-advisory/sa134
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
EXPLOIT-DB-40839 (https://www.exploit-db.com/exploits/40839)
EXPLOIT-DB-40847 (https://www.exploit-db.com/exploits/40847)
http://rhn.redhat.com/errata/RHSA-2016-2118.html
http://rhn.redhat.com/errata/RHSA-2016-2128.html
https://source.android.com/security/bulletin/2016-12-01.html
http://rhn.redhat.com/errata/RHSA-2016-2120.html
[oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability (http://www.openwall.com/lists/oss-security/2016/10/26/7)
http://rhn.redhat.com/errata/RHSA-2016-2133.html
http://rhn.redhat.com/errata/RHSA-2016-2098.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
VU#243144 (https://www.kb.cert.org/vuls/id/243144)
https://bugzilla.suse.com/show_bug.cgi?id=1004418
SECTRACK-1037078 (http://www.securitytracker.com/id/1037078)
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
https://security.netapp.com/advisory/ntap-20161025-0001
http://rhn.redhat.com/errata/RHSA-2016-2127.html
https://security-tracker.debian.org/tracker/CVE-2016-5195
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://access.redhat.com/security/vulnerabilities/2706661
http://rhn.redhat.com/errata/RHSA-2016-2106.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
EXPLOIT-DB-40611 (https://www.exploit-db.com/exploits/40611)
https://access.redhat.com/security/cve/cve-2016-5195
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
http://rhn.redhat.com/errata/RHSA-2016-2124.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
http://rhn.redhat.com/errata/RHSA-2016-2105.html
http://rhn.redhat.com/errata/RHSA-2016-2126.html
http://rhn.redhat.com/errata/RHSA-2016-2132.html
http://rhn.redhat.com/errata/RHSA-2016-2110.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
https://kc.mcafee.com/corporate/index?page=content&id=SB10176
https://security.paloaltonetworks.com/CVE-2016-5195
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
EXPLOIT-DB-40616 (https://www.exploit-db.com/exploits/40616/)
EXPLOIT-DB-40839 (https://www.exploit-db.com/exploits/40839/)
EXPLOIT-DB-40847 (https://www.exploit-db.com/exploits/40847/)
https://security.netapp.com/advisory/ntap-20161025-0001/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
EXPLOIT-DB-40611 (https://www.exploit-db.com/exploits/40611/)
SUSE-SU-2016:2635 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html)
SUSE-SU-2016:2659 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html)
[oss-security] 20161027 CVE-2016-5195 test case (http://www.openwall.com/lists/oss-security/2016/10/27/13)
USN-3106-2 (http://www.ubuntu.com/usn/USN-3106-2)
openSUSE-SU-2016:2583 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html)
SUSE-SU-2016:2633 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
SUSE-SU-2016:2638 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html)
openSUSE-SU-2016:2584 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html)
SUSE-SU-2016:2658 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html)
SUSE-SU-2016:2631 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html)
USN-3106-3 (http://www.ubuntu.com/usn/USN-3106-3)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
SUSE-SU-2016:2655 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html)
FEDORA-2016-c3558808cd (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/)
20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege (http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded)
SUSE-SU-2016:2637 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html)
SUSE-SU-2016:2596 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html)
SUSE-SU-2016:2634 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html)
20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd)
20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
https://kc.mcafee.com/corporate/index?page=content&id=SB10177
SUSE-SU-2016:2657 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html)
SUSE-SU-2016:2614 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html)
USN-3105-2 (http://www.ubuntu.com/usn/USN-3105-2)
USN-3107-1 (http://www.ubuntu.com/usn/USN-3107-1)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
USN-3107-2 (http://www.ubuntu.com/usn/USN-3107-2)
20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege (http://www.securityfocus.com/archive/1/540344/100/0/threaded)
openSUSE-SU-2016:2625 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html)
USN-3106-1 (http://www.ubuntu.com/usn/USN-3106-1)
USN-3106-4 (http://www.ubuntu.com/usn/USN-3106-4)
[oss-security] 20161030 Re: CVE-2016-5195 test case (http://www.openwall.com/lists/oss-security/2016/10/30/1)
SUSE-SU-2016:2673 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html)
USN-3104-2 (http://www.ubuntu.com/usn/USN-3104-2)
http://fortiguard.com/advisory/FG-IR-16-063
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
SUSE-SU-2016:2629 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html)
20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability (http://www.securityfocus.com/archive/1/539611/100/0/threaded)
SUSE-SU-2016:2632 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html)
20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege (http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded)
USN-3105-1 (http://www.ubuntu.com/usn/USN-3105-1)
SUSE-SU-2016:2630 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html)
FEDORA-2016-db4b75b352 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/)
FEDORA-2016-c8a0c7eece (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/)
[oss-security] 20161103 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability (http://www.openwall.com/lists/oss-security/2016/11/03/7)
SUSE-SU-2016:2636 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html)
SUSE-SU-2016:3069 (http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html)
https://kc.mcafee.com/corporate/index?page=content&id=SB10222
DSA-3696 (http://www.debian.org/security/2016/dsa-3696)
SUSE-SU-2016:2592 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html)
20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege (http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded)
20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability (http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded)
USN-3104-1 (http://www.ubuntu.com/usn/USN-3104-1)
20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege (http://www.securityfocus.com/archive/1/540736/100/0/threaded)
SUSE-SU-2016:2593 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html)
SUSE-SU-2016:3304 (http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html)
[oss-security] 20161021 CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability (http://www.openwall.com/lists/oss-security/2016/10/21/1)
20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege (http://www.securityfocus.com/archive/1/540252/100/0/threaded)
SUSE-SU-2016:2585 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html)
openSUSE-SU-2016:2649 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html)
[oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files (http://www.openwall.com/lists/oss-security/2022/03/07/1)
[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/08/2)
[oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/08/1)
[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/08/7)
[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/08/8)
[oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/09/4)
[oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (http://www.openwall.com/lists/oss-security/2022/08/15/1)
Miscellaneous
https://dirtycow.ninja
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://source.android.com/security/bulletin/2016-11-01.html
http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis