Researchers have discovered a flaw in the original patch for the Dirty COW vulnerability (CVE-2016-5195), which was released in October 2016. The flaw could allow an attacker who can run code locally on an affected system to exploit a race condition and escalate privileges.

The flaw in the original Dirty COW patch (CVE-2017-1000405) was identified by security researchers at the security firm Bindecy.

“In the “Dirty COW” vulnerability patch (CVE-2016-5195), can_follow_write_pmd() was changed to take into account the new FOLL_COW flag (8310d48b125d “mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp“). We noticed a problematic use of pmd_mkdirty() in the touch_pmd() function. touch_pmd() can be reached by get_user_pages().” said the post published by Bindecy.

By comparison, the new bug is not as severe as the original Dirty COW vulnerability, which affected all Linux distributions including Red Hat Enterprise Linux and Android. The researchers said the current bug does not affect Android or Red Hat Enterprise Linux, but all other distributions such as Ubuntu, Fedora and SUSE are affected, which means an estimated millions of machines are still vulnerable. According to Red Hat, the Linux kernel packages shipped with Red Hat Enterprise Linux 5, 6 and 7 and Red Hat Enterprise MRG 2 are not affected by the vulnerability.

The researchers reported the flaw to the Linux kernel organization on November 22, and the vulnerability was made public on Friday.

Red Hat has published an advisory that includes a suggested mitigation: disabling the use of the “zero page.”

“It is possible to prevent the zero page from being mapped as a huge page, by modifying a configuration tunable in the /sys directory… This prevents the flaw from being exercised in this method.
# echo 0 > /sys/kernel/mm/transparent_hugepage/use_zero_page
Disabling huge pages: It is possible to mitigate this flaw by disabling hugepages on a system,” according to Red Hat.
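Both mitigations quoted from the Red Hat advisory are visible in the same sysfs tunables, so a defender can verify them on a host. The following POSIX shell check is an added example, not code from the article, Bindecy or Red Hat; it takes the transparent_hugepage directory as a parameter so it can be exercised against a constructed copy, and it treats only the "never" mode of "enabled" as disabling huge pages.

```sh
#!/bin/sh
# Added example (not from the article or the Red Hat advisory): report whether the
# huge zero page can still be mapped on a host, i.e. whether either mitigation
# quoted above is in effect. The sysfs directory is a parameter so the check can
# also be run against a constructed copy of the transparent_hugepage tree.

# Print the selected THP mode from DIR/enabled, e.g. "[always] madvise never" -> always.
thp_enabled_mode() {
    if [ -r "$1/enabled" ]; then
        sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$1/enabled"
    fi
}

# Print the value of DIR/use_zero_page (0 or 1); prints nothing if the tunable is absent.
use_zero_page_value() {
    if [ -r "$1/use_zero_page" ]; then
        cat "$1/use_zero_page"
    fi
}

# Return 0 (true) when the huge zero page cannot be mapped: THP disabled outright
# ("never"), or use_zero_page set to 0 as in the advisory. "madvise" is not enough,
# because a process can still opt in with madvise(MADV_HUGEPAGE).
huge_zero_page_mitigated() {
    # Without a THP sysfs tree the kernel has no THP support at all.
    [ -e "$1/enabled" ] || return 0
    mode=$(thp_enabled_mode "$1")
    zero=$(use_zero_page_value "$1")
    [ "$mode" = "never" ] && return 0
    [ "$zero" = "0" ] && return 0
    return 1
}

# Human-readable report for one sysfs tree (default: the live one).
report() {
    dir=${1:-/sys/kernel/mm/transparent_hugepage}
    if huge_zero_page_mitigated "$dir"; then
        echo "OK: huge zero page cannot be mapped in $dir"
    else
        echo "WARN: huge zero page is available in $dir" \
             "(enabled=$(thp_enabled_mode "$dir") use_zero_page=$(use_zero_page_value "$dir"))"
    fi
}

# Check the live system when the THP tree exists (a no-op on kernels without THP).
if [ -d /sys/kernel/mm/transparent_hugepage ]; then
    report
fi
```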