Описание
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Отчет
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having Important security impact.
Меры по смягчению последствий
Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Not affected | ||
| Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2016:2124 | 28.10.2016 |
| Red Hat Enterprise Linux 5.6 Long Life | kernel | Fixed | RHSA-2016:2127 | 31.10.2016 |
| Red Hat Enterprise Linux 5.9 Long Life | kernel | Fixed | RHSA-2016:2126 | 31.10.2016 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:2105 | 26.10.2016 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2016:2132 | 01.11.2016 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2016:2133 | 01.11.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2016:2120 | 27.10.2016 |
| Red Hat Enterprise Linux 6.5 Telco Extended Update Support | kernel | Fixed | RHSA-2016:2120 | 27.10.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | kernel | Fixed | RHSA-2016:2128 | 31.10.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
6.9 Medium
CVSS2
Связанные уязвимости
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before ...
Security update for Linux Kernel Live Patch 15 for SLE 12
EPSS
7.8 High
CVSS3
6.9 Medium
CVSS2