CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Published: Nov 10, 2016
Updated: Jul 25, 2024
CVE: CVE-2016-5195
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	16.10	16.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	12.04	12.04.x
linux / linux_kernel	3.3	3.4.113
linux / linux_kernel	2.6.22	3.2.83
linux / linux_kernel	3.5	3.10.104
linux / linux_kernel	3.11	3.12.66
linux / linux_kernel	3.13	3.16.38
linux / linux_kernel	3.17	3.18.44
linux / linux_kernel	3.19	4.1.35
linux / linux_kernel	4.2	4.4.26
linux / linux_kernel	4.5	4.7.9
linux / linux_kernel	4.8	4.8.3
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux_tus	6.5	6.5.x
redhat / enterprise_linux_eus	6.7	6.7.x
redhat / enterprise_linux_long_life	5.6	5.6.x
redhat / enterprise_linux_aus	6.4	6.4.x
redhat / enterprise_linux	5	5.x
redhat / enterprise_linux_long_life	5.9	5.9.x
redhat / enterprise_linux_aus	6.2	6.2.x
redhat / enterprise_linux_eus	7.1	7.1.x
redhat / enterprise_linux_eus	6.6	6.6.x
redhat / enterprise_linux_aus	6.5	6.5.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
fedoraproject / fedora	25	25.x
fedoraproject / fedora	24	24.x
fedoraproject / fedora	23	23.x
paloaltonetworks / pan-os	7.1.0	7.1.8
paloaltonetworks / pan-os	5.1	7.0.14

Vulnerability Database

289,599

CVE-2016-5195