Dirty COW Zero-Day Patched

Tuesday, October 25, 2016 @ 08:10 AM gHale


A Zero Day vulnerability in the Linux kernel has been patched, researchers said.

The Linux kernel issue has been around since version 3.9, released in 2007, researchers said.

There is no evidence that attackers exploited the flaw since 2007, but security researcher Phil Oester notified Red Hat of a case where an attacker deployed exploit code that leveraged the vulnerability.

According to Red Hat, CVE-2016-5195 is a race condition in the way the “Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.”

A race condition is a term used in computer science to describe tasks that execute in an incorrect order, which can often crash applications or leave the door open for executing further code.

The vulnerability allowed attackers to elevate their privileges on a targeted system, even to root level.

Dirty COW is not a real danger for the Linux ecosystem, but that doesn’t mean users should delay patching operations.

“This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a (‘Fix get_user_pages() race for write access’) but that was then undone due to problems on s390 by commit f33ea7f404e5 (‘fix get_user_pages bug’),” said Linus Torvalds in the patch release.

“To fix it, we introduce a new internal FOLL_COW flag to mark the ‘yes, we already did a COW’ rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid,” he said.


