On October 19, 2016, a critical security vulnerability in the Linux kernel was publicly disclosed: Dirty COW (CVE-2016-5195). The vulnerability had existed in the kernel for approximately 9 years and allows local privilege escalation.
What is Dirty COW?
Dirty COW (Copy-On-Write) is a race condition in the Linux kernel's memory management. The vulnerability allows a local attacker to gain write access to memory areas that are supposed to be read-only. This enables an unprivileged user to obtain root privileges.
Affected Systems
Nearly all Linux distributions with kernel versions from 2.6.22 (2007) up to the patch are affected:
- CentOS / RHEL 5, 6 and 7
- Debian 7 and 8
- Ubuntu 12.04, 14.04 and 16.04
- SUSE Linux Enterprise Server 11 and 12
Actions Taken by INGATE
Managed Server
All managed service customers were patched within 24 hours of the vulnerability becoming known. Kernel updates were applied during emergency maintenance windows. A system reboot was required.
Colocation and Bare Metal
Customers managing their own servers were notified by email about the security vulnerability and available patches. We strongly recommend applying the kernel updates as soon as possible.
Recommended Action
Check whether your Linux kernel is up to date. Perform a system update immediately:
- CentOS/RHEL: yum update kernel
- Debian/Ubuntu: apt-get update && apt-get upgrade
A reboot is required after the update. If you have any questions, our technical team is available at info@ingate.de.
