
Dangerous vulnerability fixed in the Linux kernel

The dangerous Local Privilege Escalation (LPE) vulnerability in the Linux kernel with the identifier CVE-2016-5195 (Dirty COW) has been fixed in Linux distributions such as Red Hat, Ubuntu and Debian. We recommend that users update their copies of Linux as soon as possible, because the vulnerability is already being exploited by attackers in the wild. The vulnerability is rather old: it is already 9 years old and has been present in the kernel since version 2.6.22. This suggests that it may also be present in the Android kernel. Dirty COW allows an attacker to obtain root, the highest level of privilege on the system, although to gain access to the system in the first place the attacker also needs an RCE exploit. With root access, an attacker can perform any operation on the system.

A race condition has been found in the kernel's handling of read-only memory mappings. Through it, an attacker can gain write access to those memory mappings and thus increase their privileges on the system.

The vulnerability is present in the Linux kernel's virtual memory manager code, which implements the well-known mechanism for managing shared mapped memory called copy-on-write (COW). If several threads enter this code at the same time, a race condition may occur, with the result that a thread gains write access to memory pages that are read-only.

The copy-on-write mechanism is used in almost all modern operating systems. In general, it significantly reduces the load time of code and data that are used by many processes, by keeping them in memory as a single copy marked with a special "copy-on-write" access attribute. When a thread wants to write to a page of memory with this attribute, the OS notices the attempt, allocates a private page of physical memory for that thread, copies the original data onto it and allows the copy to be modified. Other processes continue to see the original data on the page, while the writing process sees the modified data.
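The intended copy-on-write behaviour described above can be observed from user space. The following is an added example, not code from the original article: it maps a scratch file twice and shows that a write through the private mapping does not reach the shared view of the file. The function name and the temporary file path are assumptions, and the program does not test whether a kernel is vulnerable.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if a write through a MAP_PRIVATE mapping stayed private (a
 * second, shared view of the file still holds the original bytes), 0 if
 * the write leaked into the file, -1 on setup error. */
int cow_write_stays_private(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* constructed scratch file */
    const char original[] = "original data";
    const size_t len = sizeof original;
    char *priv = MAP_FAILED, *shared = MAP_FAILED;
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                           /* file vanishes when fd closes */
    if (write(fd, original, len) != (ssize_t)len)
        goto out;

    /* Both mappings are backed by the same page of the file. */
    priv = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    shared = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    if (priv == MAP_FAILED || shared == MAP_FAILED)
        goto out;

    /* This write faults; the kernel copies the page for `priv` only. */
    memcpy(priv, "modified", sizeof "modified");

    /* The writer sees its copy; the shared view sees the original. */
    result = strcmp(priv, "modified") == 0 &&
             memcmp(shared, original, len) == 0;
out:
    if (priv != MAP_FAILED) munmap(priv, len);
    if (shared != MAP_FAILED) munmap(shared, len);
    close(fd);
    return result;
}

int main(void)
{
    int r = cow_write_stays_private();
    printf("write stayed private: %s\n", r == 1 ? "yes" : r == 0 ? "NO" : "error");
    return r == 1 ? 0 : 1;
}
```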


Source: https://habr.com/ru/post/313288/

