Dirty COW

(Image Source: http://dirtycow.ninja)

A new Linux vulnerability was found recently, allowing a user with limited access to gain root access to a Linux system.

With this vulnerability, called Dirty COW (Dirty Copy-On-Write), an attacker can get write access to read-only memory. The vulnerability has existed in the Linux kernel for the last 9 years (!) and was patched only last week by the kernel maintainers. As Red Hat describes it, “A race condition was found in the way Linux kernel’s memory subsystem handled breakage of the read only private mappings COW situation on write access. An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system.”
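The copy-on-write guarantee that Red Hat's description refers to, as an added example that is not part of the original post: a write through a private mapping must land in the process's own copy of the page and never in the file behind it. The temp file, its content and the function name are constructed for illustration; the program shows the intended behaviour only and does not test whether a kernel is vulnerable.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for a file's real data. */
static const char ORIGINAL[] = "original file data";
static const char CHANGED[]  = "modified";

/* Returns 1 if a write through a private mapping stayed in the process's
 * own copy and the file kept its content, 0 if not, -1 on setup error. */
int private_write_stays_private(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* hypothetical temp file name */
    char on_disk[sizeof ORIGINAL] = {0};
    char *map;
    int result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    unlink(path);                            /* file vanishes when fd closes */
    if (write(fd, ORIGINAL, sizeof ORIGINAL) != (ssize_t)sizeof ORIGINAL)
        goto out;

    /* MAP_PRIVATE: the first write makes the kernel copy the page (COW). */
    map = mmap(NULL, sizeof ORIGINAL, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED)
        goto out;
    memcpy(map, CHANGED, sizeof CHANGED - 1);

    /* Re-read the file through the descriptor, bypassing the mapping. */
    if (lseek(fd, 0, SEEK_SET) == 0 &&
        read(fd, on_disk, sizeof on_disk) == (ssize_t)sizeof on_disk)
        result = memcmp(map, CHANGED, sizeof CHANGED - 1) == 0 &&
                 memcmp(on_disk, ORIGINAL, sizeof ORIGINAL) == 0;
    munmap(map, sizeof ORIGINAL);
out:
    close(fd);
    return result;
}

int main(void)
{
    int r = private_write_stays_private();
    printf("private write isolated from file: %s\n", r == 1 ? "yes" : r == 0 ? "NO" : "error");
    return r == 1 ? 0 : 1;
}
```

Dirty COW is a race in the kernel's handling of this copy step, which is why a private mapping of a file the user can only read could end up modifying the file itself.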

Phil Oester, a Linux developer, found that attackers are already exploiting this vulnerability. As he told ArsTechnica, he found the exploit using an HTTP packet capture which he uses to capture all the inbound traffic to his webservers.

As Linus Torvalds explains, it is an ancient bug that he attempted to fix eleven years ago, but that fix later had to be undone.

More information on the vulnerability can be found in the official page and on GitHub.

There is also a video explanation, showing how the vulnerability works –

Explaining Dirty COW local root exploit – CVE-2016-5195


As noted, the Linux kernel was already patched. To find more information and the status of this vulnerability on specific distributions, check the links below –

Red Hat, Debian, Ubuntu, SUSE