A new Linux kernel vulnerability disclosed on Wednesday allows an unprivileged local attacker to escalate their privileges on a targeted system. Red Hat said it was aware of an exploit in the wild.
The vulnerability, discovered by Phil Oester, has been sarcastically dubbed “Dirty COW” by some because it is caused by a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.
The security hole, tracked as CVE-2016-5195, allows local attackers to escalate their privileges on the targeted system by modifying existing setuid files, Red Hat said in its advisory.
“An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system,” the company explained.
Red Hat, which classified the flaw as “important,” said it was aware of an exploit leveraging this technique in the wild, but the company has not shared any other information. A fix has already been developed and Linux distributions have started releasing updates.
An increasing number of vulnerabilities have been branded since the discovery of Heartbleed. While some believe that branding a flaw could have a positive impact, others are concerned that branding even low-risk issues could lead to companies ignoring the vulnerabilities that really matter.
The people who created the Dirty COW website, logo and Twitter account have admitted that this vulnerability is not as serious as others and they claim to have branded it to make fun of branded flaws. They even created a shop that sells “Dirty COW” mugs and t-shirts for thousands of dollars.
Linux Kernel Vulnerabilities
Google security researcher Kees Cook has analyzed the Linux kernel vulnerabilities discovered since 2011 in an effort to determine for how long they go unnoticed after they are introduced in a Linux release.
Based on the analysis of 557 CVE identifiers assigned to Linux kernel flaws since 2011, Cook determined that their average lifespan is roughly 5 years. According to the expert, high severity issues are fixed after 6.4 years, while critical issues are discovered, on average, after 3.3 years.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

