Security Advisory - CVE-2016-5195 for the Linux kernel
Introduction
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Details
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
Environment
Wind River Linux 5
Wind River Linux 6
Wind River Linux 7
Wind River Linux 8
1. Construct the Linux kernel source tree in your build project
$ cd PATH_2_PROJ
$ /PATH_2_WRL_INSTALL/wrlinux/configure/ ...
$ make bbs
$ bitbake linux-windriver -c configure
$ exit
2. Install the kernel patch
$ make kds
$ git am CVE-2016-5195-WRL5[6,7,8].patch
$ exit
3. Build the Linux kernel
$ make bbs
$ bitbake linux-windriver
$ exit
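A source-level check that can be run after step 2 and before the build in step 3, to confirm that git am finished and the fix is in the tree. This is an added example, not part of the Wind River advisory or its patch. It assumes the patch is a backport of the upstream fix, which defines FOLL_COW in include/linux/mm.h and tests it in mm/gup.c (or mm/memory.c on older kernels); the function name check_cow_fix and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the CVE-2016-5195 fix is present in a kernel tree.
# Assumption: the patch backports the upstream fix, which defines FOLL_COW
# in include/linux/mm.h and uses it in mm/gup.c (newer kernels) or
# mm/memory.c (older kernels that have no mm/gup.c).

# check_cow_fix KERNEL_SRC
# returns 0 = fix present, 1 = fix missing or partial,
#         2 = git am unfinished, 3 = not a kernel source tree
check_cow_fix() {
    src=$1
    hdr="$src/include/linux/mm.h"
    [ -f "$hdr" ] || { echo "$src: no include/linux/mm.h" >&2; return 3; }

    # git am leaves .git/rebase-apply behind when it stops on a conflict,
    # so a build started now would use a half-patched tree.
    if [ -d "$src/.git/rebase-apply" ]; then
        echo "$src: git am still in progress" >&2
        return 2
    fi

    # The flag must be defined in the header ...
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+FOLL_COW[[:space:]]' "$hdr" || {
        echo "$src: FOLL_COW not defined, patch not applied" >&2
        return 1
    }
    # ... and referenced by the get_user_pages code path.
    for f in mm/gup.c mm/memory.c; do
        if [ -f "$src/$f" ] && grep -q 'FOLL_COW' "$src/$f"; then
            echo "$src: FOLL_COW defined and used in $f"
            return 0
        fi
    done
    echo "$src: FOLL_COW defined but unused, patch only partly applied" >&2
    return 1
}

# Stand-alone use: sh check_cow_fix.sh KERNEL_SRC
[ $# -eq 0 ] || check_cow_fix "$1"
```

Pass the directory in which git am was run as KERNEL_SRC. A zero exit status only shows that the source carries the change; the running kernel is fixed once the rebuilt image from step 3 is deployed.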
Reproduce & verify
https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c