Vulnerability DatabaseCVE-2016-5195
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2016-5195
November 10, 2016
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Related ResourcesĀ (129)
https://dirtycow.ninja
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
http://rhn.redhat.com/errata/RHSA-2016-2106.html
https://www.exploit-db.com/exploits/40616/
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://www.debian.org/security/2016/dsa-3696
http://www.ubuntu.com/usn/USN-3106-3
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
http://www.openwall.com/lists/oss-security/2022/08/08/2
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
http://www.ubuntu.com/usn/USN-3105-1
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
http://www.ubuntu.com/usn/USN-3106-2
https://access.redhat.com/security/vulnerabilities/2706661
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
http://www.openwall.com/lists/oss-security/2022/08/08/1
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
http://rhn.redhat.com/errata/RHSA-2016-2128.html
https://access.redhat.com/errata/RHSA-2017:0372
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
http://rhn.redhat.com/errata/RHSA-2016-2132.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
https://bugzilla.suse.com/show_bug.cgi?id=1004418
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
http://www.securityfocus.com/archive/1/540344/100/0/threaded
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
http://www.openwall.com/lists/oss-security/2022/08/15/1
http://www.securitytracker.com/id/1037078
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
https://source.android.com/security/bulletin/2016-11-01.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
http://www.ubuntu.com/usn/USN-3106-4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
https://www.exploit-db.com/exploits/40839/
https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
http://www.securityfocus.com/archive/1/540736/100/0/threaded
http://fortiguard.com/advisory/FG-IR-16-063
http://www.ubuntu.com/usn/USN-3106-1
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10222
http://rhn.redhat.com/errata/RHSA-2016-2133.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
http://www.openwall.com/lists/oss-security/2016/10/26/7
http://seclists.org/fulldisclosure/2024/Aug/35
http://rhn.redhat.com/errata/RHSA-2016-2120.html
http://www.openwall.com/lists/oss-security/2022/08/09/4
http://www.openwall.com/lists/oss-security/2022/08/08/7
https://source.android.com/security/bulletin/2016-12-01.html
http://rhn.redhat.com/errata/RHSA-2016-2118.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
http://www.ubuntu.com/usn/USN-3105-2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
http://www.openwall.com/lists/oss-security/2022/08/08/8
http://www.openwall.com/lists/oss-security/2016/10/27/13
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10177
http://www.securityfocus.com/archive/1/539611/100/0/threaded
http://www.openwall.com/lists/oss-security/2016/10/30/1
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
http://rhn.redhat.com/errata/RHSA-2016-2105.html
http://www.openwall.com/lists/oss-security/2016/11/03/7
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
https://security.paloaltonetworks.com/CVE-2016-5195
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
http://rhn.redhat.com/errata/RHSA-2016-2127.html
http://www.ubuntu.com/usn/USN-3104-2
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
https://www.exploit-db.com/exploits/40847/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
http://rhn.redhat.com/errata/RHSA-2016-2098.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
https://access.redhat.com/security/cve/CVE-2016-5195
https://kc.mcafee.com/corporate/index?page=content&id=SB10176
http://www.ubuntu.com/usn/USN-3107-2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5195
http://rhn.redhat.com/errata/RHSA-2016-2124.html
http://www.ubuntu.com/usn/USN-3107-1
http://rhn.redhat.com/errata/RHSA-2016-2107.html
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://security-tracker.debian.org/tracker/CVE-2016-5195
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
https://security.netapp.com/advisory/ntap-20161025-0001/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
http://rhn.redhat.com/errata/RHSA-2016-2110.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
http://www.ubuntu.com/usn/USN-3104-1
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://www.kb.cert.org/vuls/id/243144
http://www.securityfocus.com/archive/1/540252/100/0/threaded
http://www.openwall.com/lists/oss-security/2022/03/07/1
http://rhn.redhat.com/errata/RHSA-2016-2126.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
http://www.openwall.com/lists/oss-security/2016/10/21/1
https://bto.bluecoat.com/security-advisory/sa134
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
http://www.securityfocus.com/bid/93793
https://www.exploit-db.com/exploits/40611/
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Exploit Maturity
HIGH
CVSS v2
Base Score:
7.2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
EPSS
Base Score:
94.18