Security Experts:

Connect with us

Hi, what are you looking for?



“Dirty COW” Linux Kernel Exploit Seen in the Wild

A new Linux kernel vulnerability disclosed on Wednesday allows an unprivileged local attacker to escalate their privileges on a targeted system. Red Hat said it was aware of an exploit in the wild.

A new Linux kernel vulnerability disclosed on Wednesday allows an unprivileged local attacker to escalate their privileges on a targeted system. Red Hat said it was aware of an exploit in the wild.

The vulnerability, discovered by Phil Oester, was sarcastically dubbed by some people “Dirty COW” due to the fact that it’s caused by a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.

The security hole, tracked as CVE-2016-5195, allows local attackers to escalate their privileges on the targeted system by modifying existing setuid files, Red Had said in its advisory.

“An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system,” the company explained.

Red Hat, which classified the flaw as “important,” said it was aware of an exploit leveraging this technique in the wild, but the company has not shared any other information. A fix has already been developed and Linux distributions have started releasing updates.

An increasing number of vulnerabilities have been branded since the discovery of Heartbleed. While some believe that branding a flaw could have a positive impact, others are concerned that branding even low-risk issues could lead to companies ignoring the vulnerabilities that really matter.

The people who created the Dirty COW website, logo and Twitter account have admitted that this vulnerability is not as serious as others and they claim to have branded it to make fun of branded flaws. They even created a shop that sells “Dirty COW” mugs and t-shirts for thousands of dollars.

Linux Kernel Vulnerabilities

Google security researcher Kees Cook has analyzed the Linux kernel vulnerabilities discovered since 2011 in an effort to determine for how long they go unnoticed after they are introduced in a Linux release.

Based on the analysis of 557 CVE identifiers assigned to Linux kernel flaws since 2011, Cook determined that their average lifespan is roughly 5 years. According to the expert, high severity issues are fixed after 6.4 years, while critical issues are discovered, on average, after 3.3 years.

Related: Ubuntu Patches Several Kernel Vulnerabilities

Related: Linux Kernel Flaw Puts Millions of Devices at Risk

Related: Linux Kernel Flaw Exposes Most Android Devices to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.