Dirty COW Linux Kernel Vulnerability

Edi Skraba

Dirty COW Linux Kernel Vulnerability

A serious privilege escalation vulnerability in Linux kernel affects most of Linux servers

Although most of “branded” vulnerabilities are objects of fun for the ITSEC community because of their over-hype, the one here is nothing to laugh about.

“Dirty COW” is the name of a new vulnerability discovered in Linux kernel. It was discovered on October 19, 2016 and has existed for a long time (at least since 2007, with kernel version 2.6.22 ) so the vast majority of servers are at risk.

The vulnerability is assigned a CVE ID: CVE-2016-5195 and is scored as a High severity with 7.8/10 points score with CVSSv3. Exploiting of this bug gives regular unprivileged users access to write any file they can read, so therefore root user privileges or accessing other users accounts could be a severe consequence. This may be especially problematic on shared servers like shared website hosting so if you use these make sure your provider is aware of that issue.

The fix is of course already applied in the Linux Kernel repository but as for distributions: Debian (and Debian based distributions like Ubuntu) has already released a fix here. As for RedHat, they only have a certain mitigation solution for now here however an official fix haven’t been yet released.

An important note here is that in most situations updated Kernel requires server reboot so don’t just rely on any automatic security patching solutions as those might not work.

More details can be found on the vulnerability page: https://dirtycow.ninja/

Edi Skraba