Users are urged to update their system immediately

Oct 20, 2016 21:00 GMT  ·  By

Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability.

Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.

For those who are interested in more technical details, the "mm: remove gup_flags FOLL_WRITE games from __get_user_pages()" vulnerability was patched by Linus Torvalds himself, and it's a race condition discovered in Linux kernel's memory manager when handling copy-on-write breakage of private read-only memory mappings, which could have allowed a local attacker to gain administrative privileges (root access) to the affected system.

"This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago," reveals Linus Torvalds in an email announcement. "To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, we already did a COW" rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid."

Linux users need to update their systems as soon as possible

Therefore, today's Linux kernel 4.8.3, Linux kernel 4.7.9, and Linux kernel 4.4.26 LTS point releases are here to patch the "Dirty COW" security vulnerability, and it already landed in the repositories of various GNU/Linux distributions, including Arch Linux (Testing), Solus (Unstable), and all supported Ubuntu OSes. Make sure that you update your OS as soon as possible!

OS vendors are urged to download the Linux kernel 4.8.3, Linux kernel 4.7.9, and Linux kernel 4.4.26 LTS sources right now from the kernel.org website or via ours, compile them for their supported architectures, and push the new versions to the stable channels, thus offering a stable and secure Linux environment for their users.