CVE-2016-5195
Vexday Risk Score
93 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → immediate action
CVSS 7 · EPSS 83.5% · KEV yes · Public PoC · Nuclei — · Metasploit — · Patch referenced
Lifecycle
19 Oct 2016 · Public PoC
10 Nov 2016 · Published in NVD
03 Mar 2022 · Active exploitation (CISA KEV)
Recommendation: Fix as soon as possible; active exploitation is confirmed.
In summary
A flaw in Linux lets someone with local access trick the system into writing to memory that should be read-only, allowing them to take control. This happens because the system does not correctly handle a protection called copy-on-write.
Technical detail
Race condition in mm/gup.c in the Linux kernel 2.x–4.x before 4.8.3 allows local privilege escalation by exploiting improper handling of the copy-on-write (COW) mechanism. An unprivileged user can write to read-only memory mappings by manipulating page references during concurrent accesses, resulting in kernel-level code execution.
Summary generated and translated by AI from the official description.
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 75
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://fortiguard.com/advisory/FG-IR-16-063
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html