CVE-2016-5195 (dirty COW) Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability.


CVE-2016-5195 (dirty COW) Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability. I would like to know if the new security vulnerability issue confirmed in Cumulus Linux. I apprreciate for post the information regarding to CVE-2016-5195.

2 replies

Userlevel 4
This issue affects pretty much every linux kernel back into the 2.6 train which was first introduced ~9 years ago. Cumulus is also affected. Keep in mind, the most probable way to exploit this vulnerability is by using a local user account as a result, remote exploits are less likely on network equipment that only exposes SSH with well secured user access control. We have an internal bug open on the issue CM-13237. The vulnerability is scheduled to be fixed with a newly patched kernel as part of the 3.2 release (and the 2.5.11 release in the 2.5.x train). When more information is available there will likely be a message posted here --> https://support.cumulusnetworks.com/hc/en-us/sections/200400393-Security-Issues-and-Announcements
Userlevel 3
Clint, also feel free to join our security announcement mailing list, where we address security vulnerabilities.

https://lists.cumulusnetworks.com/listinfo/cumulus-security-announce

Reply