Description
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Statement
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having Important security impact. Updates for each affected version are in progress and will be released as soon as possible. Shipping versions of Fedora are affected and Fedora is aware of this flaw. For additional information about this flaw, please see https://access.redhat.com/security/vulnerabilities/2706661
Mitigation
Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 4 | kernel | Not affected | | |
Red Hat Enterprise Linux Extended Update Support 5.6 | kernel | Out of support scope | | |
Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2016:2124 | 28.10.2016 |
Red Hat Enterprise Linux 5.6 Long Life | kernel | Fixed | RHSA-2016:2127 | 31.10.2016 |
Red Hat Enterprise Linux 5.9 Long Life | kernel | Fixed | RHSA-2016:2126 | 31.10.2016 |
Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:2105 | 26.10.2016 |
Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2016:2132 | 01.11.2016 |
Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2016:2133 | 01.11.2016 |
Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2016:2120 | 27.10.2016 |
Red Hat Enterprise Linux 6.5 Telco Extended Update Support | kernel | Fixed | RHSA-2016:2120 | 27.10.2016 |
Additional information
Status:
CVSS3: 7.8 High
CVSS2: 6.9 Medium
Related vulnerabilities
Security update for Linux Kernel Live Patch 15 for SLE 12