← back
CVE-2016-5195

CVE-2016-5195

CVSS 7 HIGHEPSS 83.5%● KEVCWE-362
In short

A flaw in Linux allows someone on your computer to trick the system into writing to memory that should be read-only, letting them take control. This happened because the system didn't properly manage a copy-on-write feature that's supposed to protect memory.

Technical detail

Race condition in mm/gup.c affecting Linux kernel 2.x–4.x before 4.8.3 allows local privilege escalation by exploiting improper copy-on-write (COW) handling. An unprivileged user can write to read-only memory mappings by manipulating page references during concurrent access, leading to kernel-level code execution.

Summary generated and translated by AI from the official description.
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found75
githubgithub.com/timwr/CVE-2016-51951003githubgithub.com/firefart/dirtycow932githubgithub.com/scumjr/dirtycow-vdso511githubgithub.com/gbonacini/CVE-2016-5195340githubgithub.com/r1is/CVE-2022-0847282githubgithub.com/hyln9/VIKIROOT272githubgithub.com/Brucetg/DirtyCow-EXP141githubgithub.com/DavidBuchanan314/cowroot32githubgithub.com/aishee/scan-dirtycow16githubgithub.com/xlucas/dirtycow.cr13githubgithub.com/pgporada/ansible-role-cve10githubgithub.com/whu-enjoy/CVE-2016-519510githubgithub.com/imust6226/dirtcow9githubgithub.com/jas502n/CVE-2016-51957githubgithub.com/sideeffect42/DirtyCOWTester7githubgithub.com/oleg-fiksel/ansible_CVE-2016-5195_check6githubgithub.com/talsim/root-dirtyc0w5githubgithub.com/droidvoider/dirtycow-replacer4githubgithub.com/arttnba3/CVE-2016-51953githubgithub.com/LinuxKernelContent/DirtyCow3githubgithub.com/esc0rtd3w/org.cowpoop.moooooo3githubgithub.com/FloridSleeves/os-experiment-42githubgithub.com/DanielEbert/CVE-2016-51952githubgithub.com/LiEnby/PSSRoot2githubgithub.com/ASRTeam/CVE-2016-51951githubgithub.com/malinthag62/The-exploitation-of-Dirty-Cow-CVE-2016-51951githubgithub.com/TotallyNotAHaxxer/CVE-2016-51951githubgithub.com/0x3n19m4/CVE-2016-51951githubgithub.com/th3-5had0w/DirtyCOW-PoC1githubgithub.com/titanhp/Dirty-COW-CVE-2016-5195-Testing1githubgithub.com/arbll/dirtycow1githubgithub.com/EDLLT/CVE-2016-5195-master0githubgithub.com/KosukeShimofuji/CVE-2016-51950githubgithub.com/istenrot/centos-dirty-cow-ansible0githubgithub.com/ldenevi/CVE-2016-51950githubgithub.com/ndobson/inspec_CVE-2016-51950githubgithub.com/sribaba/android-CVE-2016-51950githubgithub.com/acidburnmi/CVE-2016-5195-master0githubgithub.com/xpcmdshell/derpyc0w0githubgithub.com/zakariamaaraki/Dirty-COW-CVE-2016-5195-0githubgithub.com/shanuka-ashen/Dirty-Cow-Explanation-CVE-2016-5195-0githubgithub.com/dulanjaya23/Dirty-Cow-CVE-2016-5195-0githubgithub.com/KaviDk/dirtyCow0githubgithub.com/passionchenjianyegmail8/scumjrs0githubgithub.com/1equeneRise/scumjr90githubgithub.com/fei9747/CVE-2016-51950githubgithub.com/h1n4mx0/Research-CVE-2016-51950githubgithub.com/ZhiQiAnSecFork/DirtyCOW_CVE-2016-51950githubgithub.com/sakilahamed/Linux-Kernel-Exploit-LAB0githubgithub.com/ASUKA39/CVE-2016-51950githubgithub.com/Samuel-G3/Escalamiento-de-Privilegios-usando-el-Kernel-Exploit-Dirty-Cow0githubgithub.com/mohammadamin382/dirtycow-lab0githubgithub.com/MarioAlejos-Cs/dirtycow-lab0githubgithub.com/pardhu045/linux-privilege-escalation0githubgithub.com/ramahmdr/dirtycow0githubgithub.com/elhaddadalaa788-alt/kernel-exploit-dirtycow-project-subm0githubgithub.com/theo543/OSDS_Paper_CVE-2016-51950githubgithub.com/maur0amaya/Escalamiento-de-Privilegios-usando-el-Kernel-Exploit-Dirty-Cow0githubgithub.com/KasunPriyashan/Y2S1-Project-Linux-Exploitaion-using-CVE-2016-5195-Vulnerability0githubgithub.com/vinspiert/scumjrs0cve_referencewww.exploit-db.com/exploits/40847/unverifiedcve_referencewww.exploit-db.com/exploits/40839/unverifiedexploitdbwww.exploit-db.com/exploits/40616unverifiedcve_referencewww.exploit-db.com/exploits/40616/unverifiedcve_referencewww.exploit-db.com/exploits/40611/unverifiedexploitdbwww.exploit-db.com/exploits/40847unverifiedcve_referencepacketstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.htmlunverifiedcve_referencepacketstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.htmlunverifiedcve_referencepacketstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.htmlunverifiedexploitdbwww.exploit-db.com/exploits/40838unverifiedcve_referencepacketstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/40839unverifiedcve_referencepacketstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.htmlunverifiedexploitdbwww.exploit-db.com/exploits/40611unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://fortiguard.com/advisory/FG-IR-16-063http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html