CVE-2016-5195 linux kernel local privilege escalation (Dirty COW)

Bug #1636528 reported by Anton Chevychalov
266
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Fix Released
High
MOS Linux
5.1.x
Fix Committed
High
Anton Chevychalov
6.0.x
Fix Committed
High
MOS Maintenance
6.1.x
Fix Committed
High
MOS Maintenance
7.0.x
Fix Released
High
Anton Chevychalov
8.0.x
Fix Released
High
Anton Chevychalov
9.x
Fix Released
High
MOS Linux

CVE References

tags: added: feature-security
information type: Private Security → Public Security
summary: - CVE-2016-5195 linux kernel local privilege escalation
+ CVE-2016-5195 linux kernel local privilege escalation (Dirty COW)
Anton Matveev (amatveev)
tags: added: customer-found sla1
Revision history for this message
Rudy McComb (rmccomb) wrote :

GitHub
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails

Ubuntu

4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
Debian

3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
Arch

4.4.26-1 for ArchLinux (linux-lts package)
4.8.3 for ArchLinux (linux package)
RHEL/Centos

Instructions for patching RHEL/Centos 6.x can be found here

Gentoo

Bug: https://bugs.gentoo.org/show_bug.cgi?id=597624

sys-kernel/gentoo-sources-4.1.35
sys-kernel/gentoo-sources-4.8.x - TBD
sys-kernel/gentoo-sources-3.x.x - TBD
Others

If you must stay in kernel 3.19 family, version 3.19.0-73.81 is a patched version and available for Ubuntu 14.04 from official repos. (update via dist-upgrade)

Revision history for this message
Dmitry Teselkin (teselkin-d) wrote :
Revision history for this message
Dmitry Teselkin (teselkin-d) wrote :
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to packages/centos6/kernel (5.1.1-updates)

Fix proposed to branch: 5.1.1-updates
Change author: Anton Chevychalov <email address hidden>
Review: https://review.fuel-infra.org/28676

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to packages/centos6/kernel (5.1.1-updates)

Reviewed: https://review.fuel-infra.org/28676
Submitter: Anton Chevychalov <email address hidden>
Branch: 5.1.1-updates

Commit: 20d3bc8c34cb24df0d170a2a06759d7d1e71da03
Author: Anton Chevychalov <email address hidden>
Date: Mon Nov 21 10:10:34 2016

Fix CVE-2016-5195 Dirty COW

Due to possible problems with docker (LP#1485954)
it is not safe to update kernel, so backport fix
from RHEL linux-2.6.32-642.6.2.el6.

Change-Id: Ieead012b983e765d9a05f6b7c3ed4e4cdfb508be
Closes-Bug: #1636528

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to packages/centos6/kernel (6.0-updates)

Fix proposed to branch: 6.0-updates
Change author: Anton Chevychalov <email address hidden>
Review: https://review.fuel-infra.org/28794

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to packages/centos6/kernel (6.1)

Fix proposed to branch: 6.1
Change author: Anton Chevychalov <email address hidden>
Review: https://review.fuel-infra.org/28806

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to packages/centos6/kernel (6.0-updates)

Reviewed: https://review.fuel-infra.org/28794
Submitter: Anton Chevychalov <email address hidden>
Branch: 6.0-updates

Commit: 3a6fbda51c734e31aedd21651bf063952d2d1c83
Author: Anton Chevychalov <email address hidden>
Date: Wed Nov 23 13:07:28 2016

Fix CVE-2016-5195 Dirty COW

Due to possible problems with docker (LP#1485954)
it is not safe to update kernel, so backport fix
from RHEL linux-2.6.32-642.6.2.el6.

Change-Id: Ieead012b983e765d9a05f6b7c3ed4e4cdfb508be
Closes-Bug: #1636528

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to packages/centos6/kernel (6.1)

Reviewed: https://review.fuel-infra.org/28806
Submitter: Denis V. Meltsaykin <email address hidden>
Branch: 6.1

Commit: 3e71a5ec1b3bf0295506413594b8a32e6111f064
Author: Anton Chevychalov <email address hidden>
Date: Thu Nov 24 10:29:28 2016

Fix CVE-2016-5195 Dirty COW

Due to possible problems with docker (LP#1485954)
it is not safe to update kernel, so backport fix
from RHEL linux-2.6.32-642.6.2.el6

Change-Id: Ieead012b983e765d9a05f6b7c3ed4e4cdfb508be
Closes-Bug: #1636528

tags: added: centos
Revision history for this message
Dmitry Teselkin (teselkin-d) wrote :
Revision history for this message
Sergey Novikov (snovikov) wrote :

We've decided to mark this bug for 9.x as "Fix released" because new packages were delivered to target customer

Revision history for this message
Anton Chevychalov (achevychalov) wrote :
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on packages/centos6/kernel (7.0)

Change abandoned by Anton Chevychalov <email address hidden> on branch: 7.0
Review: https://review.fuel-infra.org/28495
Reason: No need to do that port due to upgrade kernel from upstream.

Revision history for this message
TatyanaGladysheva (tgladysheva) wrote :

Verified on 8.0 + MU4 updates.

CentOS repo http://mirror.fuel-infra.org/mos-repos/centos/mos8.0-centos7-fuel/security/x86_64/Packages/ contains kernel-3.10.0-327.36.3.el7.x86_64.rpm and all other required packages.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.