Linux Kernels 4.8.3, 4.7.9 & 4.4.26 LTS Out to Patch "Dirty COW" Security Flaw
Oct 20, 2016, 13:01 (0 Talkback[s])
(Other stories by Marius Nestor)
Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year. For those that are interested in more technical details, the "mm: remove gup_flags FOLL_WRITE games from __get_user_pages()" vulnerability was patched by Linus Torvalds himself, and it's a race condition discovered in Linux kernel's memory manager when handling copy-on-write breakage of private read-only memory mappings, which could have allowed a local attacker to gain administrative privileges (root access) to the affected system.