Vigil@nce - Linux kernel: privilege escalation via Copy On Write, Dirty COW
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate a memory corruption via a Copy On
Write on the Linux kernel, in order to trigger a denial of
service, and possibly to run code.
– Impacted products: Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime
Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, Fedora,
Android OS, HPE Switch, Linux, openSUSE, openSUSE Leap, RHEL,
Slackware, Spectracom SecureSync, SUSE Linux Enterprise Desktop,
SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Wind
River Linux.
– Severity: 2/4.
– Creation date: 20/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports the Copy On Write operation, which is
used to copy memory only when it is modified.
However, a local attacker can manipulate the memory, so the COW
operation writes in Read Only memory.
A local attacker can therefore generate a memory corruption via a
Copy On Write on the Linux kernel, in order to trigger a denial of
service, and possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN