The ancient bug, which had existed in the Linux kernel since 2005, was patched in several recent updates, namely Linux kernel 4.8.3, Linux kernel 4.7.9, and Linux kernel 4.4.26 LTS.
The maintainers of other supported Linux kernel branches patched the bug, too, which researchers have dubbed “Dirty COW” and which is documented as CVE-2016-5195. As such, new updates are available for those of you running GNU/Linux distributions powered by kernels from the Linux 3.16, 3.12, 3.10, and 3.2 series.
The “Dirty COW” vulnerability, which is tagged in the appended shortlogs of the new kernel versions mentioned above as “mm: remove gup_flags FOLL_WRITE games from __get_user_pages()”, was patched by Linus Torvalds himself. The security flaw could have allowed local users to write to any file they can read. In other words, a local attacker could have gained administrative privileges on the affected system.
All these kernel branches are long-term supported (LTS), so it’s imperative that you update your Linux-based systems to either Linux kernel 3.16.38 LTS, Linux kernel 3.12.66 LTS, Linux kernel 3.10.104 LTS, or Linux kernel 3.2.83 LTS as soon as the new versions arrive in the stable software repositories of your favorite GNU/Linux operating system.
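To check a host against the fixed releases named in this article, the following added example (not code from the article or from the kernel project) classifies a `uname -r` string. The function name `check_release` and the sample strings in the comments are constructed for illustration; the example assumes that a release string with a suffix comes from a distribution or custom build, where fixes are often backported without changing the base version, so the vendor's advisory has to decide.

```python
import platform
import re

# Fixed upstream releases per branch, exactly as listed in the article:
# (major, minor) -> first patch level that contains the CVE-2016-5195 fix.
FIXED = {
    (4, 8): 3, (4, 7): 9, (4, 4): 26,
    (3, 16): 38, (3, 12): 66, (3, 10): 104, (3, 2): 83,
}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def check_release(release):
    """Classify a `uname -r` string against the article's fixed versions.

    Returns "patched", "vulnerable", "check-vendor", "unknown-branch"
    or "unparsable".
    """
    m = _RELEASE.match(release.strip())
    if not m:
        return "unparsable"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    suffix = m.group(4)
    if branch not in FIXED:
        # The article names no fixed release for this branch.
        return "unknown-branch"
    if patch >= FIXED[branch]:
        return "patched"
    if suffix:
        # Assumption: a suffix such as "-45-generic" or "-327.el7.x86_64"
        # (constructed samples) marks a distribution or custom build. Its
        # base version may predate the fix while the fix is backported,
        # so the version number alone cannot settle it.
        return "check-vendor"
    return "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    print(running, "->", check_release(running))
```

A "check-vendor" or "unknown-branch" result means the answer has to come from the distribution's own advisory for CVE-2016-5195 rather than from the version number.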
Submitted by: Arnfried Walbrecht