Bug 32643 - CVE-2016-5195: "Dirty COW" Linux kernel privilege escalation vulnerability
Summary: CVE-2016-5195: "Dirty COW" Linux kernel privilege escalation vulnerability
Status: NEW
Alias: None
Product: ALT Linux Centaurus
Classification: Distributions
Component: Ошибки работы (show other bugs)
Version: не указана
Hardware: all Linux
: P3 major
Assignee: Anton V. Boyarshinov
QA Contact: qa-p7@altlinux.org
URL: http://seclists.org/oss-sec/2016/q4/204
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-21 13:50 MSK by Mikhail Kasimov
Modified: 2016-10-21 13:50 MSK (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-10-21 13:50:33 MSK
Reference: http://seclists.org/oss-sec/2016/q4/204
===================================================
Hi,

This was brought to the linux-distros list (and briefly inadvertently to
the distros list, although discussion continued on linux-distros only)
on October 13 and it was made public yesterday, so it must be in here as
well.  Unfortunately, no one posted about it in here so far (the person
who brought this to [linux-]distros must have done so!), and I don't
have time to make a proper posting (with full detail in the message
itself, as per oss-security list content guidelines), but I figured it's
better for me to post something than nothing at all.

Red Hat's description:

"A race condition was found in the way the Linux kernel's memory
subsystem handled the copy-on-write (COW) breakage of private read-only
memory mappings.  An unprivileged local user could use this flaw to gain
write access to otherwise read-only memory mappings and thus increase
their privileges on the system."

https://access.redhat.com/security/cve/cve-2016-5195
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://security-tracker.debian.org/tracker/CVE-2016-5195
http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
https://lkml.org/lkml/2016/10/19/860
https://dirtycow.ninja
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://twitter.com/DirtyCOWVuln

Alexander
===================================================