CVE-2016-5195 · threatengine.sh

Home/CVE/Linux Kernel Race Condition Vulnerability

CVE

CVE-2016-5195

Linux Kernel Race Condition Vulnerability

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW.".

HIGH · CVSS 7 ⚠ CISA KEV EPSS 0.93929

Act now

Listed on CISA KEV (known exploited in the wild)
SSVC exploitation status: active
EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 0% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬢

Required Remediation

Apply updates per vendor instructions.

⬡

Weakness Classification

CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

▤

Affected Products & Versions

28

canonical ubuntu linuxall versions
linux kernel>= 2.6.22 and < 3.2.83
linux kernel>= 3.3 and < 3.4.113
linux kernel>= 3.5 and < 3.10.104
linux kernel>= 3.11 and < 3.12.66
linux kernel>= 3.13 and < 3.16.38
linux kernel>= 3.17 and < 3.18.44
linux kernel>= 3.19 and < 4.1.35
Show all 28 affected productslinux kernel>= 4.2 and < 4.4.26
linux kernel>= 4.5 and < 4.7.9
linux kernel>= 4.8 and < 4.8.3
redhat enterprise linuxall versions
redhat enterprise linux ausall versions
redhat enterprise linux eusall versions
redhat enterprise linux long lifeall versions
redhat enterprise linux tusall versions
debian linuxall versions
fedoraproject fedoraall versions
paloaltonetworks pan-os>= 5.1 and < 7.0.14
paloaltonetworks pan-os>= 7.1.0 and < 7.1.8
netapp cloud backupall versions
netapp hci storage nodesall versions
netapp oncommand balanceall versions
netapp oncommand performance managerall versions
netapp oncommand unified manager for clustered data ontapall versions
netapp ontap select deploy administration utilityall versions
netapp snapprotectall versions
netapp solidfireall versions

⚠

Public Exploits & PoCs

11

localLinux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)verified
localLinux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)verified
localLinux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method)2016-10-26
localLinux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)verified
localLinux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)verified
pocpacketstormsecurity.com · Kernel-Live-Patch-Security-Notice-LSN-0012-1.htmlpacketstormsecurity.com
pocpacketstormsecurity.com · DirtyCow-Linux-Kernel-Race-Condition.htmlpacketstormsecurity.com
pocpacketstormsecurity.com · DirtyCow-Local-Root-Proof-Of-Concept.htmlpacketstormsecurity.com
pocpacketstormsecurity.com · Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalati...packetstormsecurity.com
pocpacketstormsecurity.com · Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalati...packetstormsecurity.com
pocpacketstormsecurity.com · Kernel-Live-Patch-Security-Notice-LSN-0021-1.htmlpacketstormsecurity.com

▣

Scoring & Timeline

7

HIGH · CVSS v3.1 · chrome-cve-admin@google.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD10 Nov 2016 · 09:59 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

active

Automatable

no

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

30

rhsaRHSA-2023:2458Moderate
suse-csafopenSUSE-SU-2024:10128-1
suse-csafopenSUSE-SU-2024:10901-1
cisaKEV-CVE-2016-5195
suse-csafopenSUSE-SU-2020:0554-1
Show all 30 vendor advisoriesrhsaRHSA-2018:0180Important
suse-csafSUSE-SU-2016:3304-1
suse-csafSUSE-SU-2016:3069-1
android-securityANDROID-2016-12-01High
android-securityANDROID-2016-11-01High
suse-csafSUSE-SU-2016:2673-1
suse-csafSUSE-SU-2016:2655-1
suse-csafSUSE-SU-2016:2657-1
suse-csafSUSE-SU-2016:2658-1
suse-csafSUSE-SU-2016:2659-1
suse-csafSUSE-SU-2016:2629-1
suse-csafSUSE-SU-2016:2630-1
suse-csafSUSE-SU-2016:2631-1
suse-csafSUSE-SU-2016:2632-1
suse-csafSUSE-SU-2016:2633-1
suse-csafSUSE-SU-2016:2634-1
suse-csafSUSE-SU-2016:2635-1
suse-csafSUSE-SU-2016:2636-1
suse-csafSUSE-SU-2016:2637-1
suse-csafSUSE-SU-2016:2638-1
usnUSN-3107-2
suse-csafSUSE-SU-2016:2614-1
suse-csafSUSE-SU-2016:2585-1
suse-csafSUSE-SU-2016:2592-1
suse-csafSUSE-SU-2016:2593-1

🔗

References & Sources

74

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://fortiguard.com/advisory/FG-IR-16-063Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619Issue TrackingPatchVendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.htmlMailing List

Show all 74 references

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2098.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2105.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2106.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2107.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2110.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2118.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2120.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2124.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2126.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2127.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2128.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2132.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2133.htmlThird Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linuxThird Party Advisory

http://www.debian.org/security/2016/dsa-3696Third Party Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-enThird Party Advisory

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3Release Notes

http://www.openwall.com/lists/oss-security/2016/10/21/1Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/26/7Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/27/13Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/30/1Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/11/03/7Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/03/07/1Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/08/1Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/08/2Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/08/7Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/08/8Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/09/4Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/15/1Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatchThird Party Advisory

http://www.securityfocus.com/archive/1/539611/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/540252/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/540344/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/540736/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/93793Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037078Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3104-1Third Party Advisory

http://www.ubuntu.com/usn/USN-3104-2Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin