CVE-2016-5195
Summary
| CVE | CVE-2016-5195 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-11-10 21:59:00 UTC |
| Updated | 2023-11-07 02:33:00 UTC |
| Description | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." |
Risk And Classification
EPSS: 0.941760000 probability, percentile 0.999170000 (date 2026-04-01)
CISA KEV: Listed on 2022-03-03; due 2022-03-24; ransomware use Unknown
Problem Types: CWE-362
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel Race Condition Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2016-5195 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Core | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Long Life | 5.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Long Life | 5.9 | All | All | All |
| Operating System | Redhat | Enterprise Linux Tus | 6.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] SUSE-SU-2016:2632-1: important: Security update for | SUSE | lists.opensuse.org | |
| USN-3106-4: Linux kernel (Qualcomm Snapdragon) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| PSIRT Advisories \| FortiGuard | CONFIRM | fortiguard.com | |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| USN-3104-1: Linux kernel vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-3107-2: Linux kernel (Raspberry Pi 2) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE-SU-2016:2596-1: important: Security update for | SUSE | lists.opensuse.org | |
| Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-3696-1 linux | DEBIAN | www.debian.org | |
| DirtyCow Local Root Proof Of Concept ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 25 Update: kernel-4.8.3-300.fc25 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:3069-1: important: Security update for | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2659-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2020:0554-1: important: Security update | SUSE | lists.opensuse.org | |
| Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID) | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| mm: remove gup_flags FOLL_WRITE games from __get_user_pages() · torvalds/linux@19be0ea · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| oss-security - Re: CVE-2016-5195 test case | MLIST | www.openwall.com | |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Issue Tracking, Patch, Vendor Advisory |
| Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| oss-security - Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:2631-1: important: Security update for | SUSE | lists.opensuse.org | |
| www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3 | CONFIRM | www.kernel.org | Release Notes, Vendor Advisory |
| oss-security - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| PoCs · dirtycow/dirtycow.github.io Wiki · GitHub | MISC | github.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2629-1: important: Security update for | SUSE | lists.opensuse.org | |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| Android Security Bulletin—November 2016 \| Android Open Source Project | CONFIRM | source.android.com | Third Party Advisory |
| Kernel Live Patch Security Notice LSN-0021-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CPU July 2018 | CONFIRM | www.oracle.com | Patch, Third Party Advisory |
| Security Advisory - Dirty COW Vulnerability in Huawei Products | CONFIRM | www.huawei.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2593-1: important: Security update for the Linux Kernel - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| USN-3105-1: Linux kernel vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 23 Update: kernel-4.7.9-100.fc23 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| USN-3106-2: Linux kernel (Xenial HWE) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Cisco TelePresence Video Communication Server Test Validation Script Issue | CISCO | tools.cisco.com | |
| [security-announce] SUSE-SU-2016:2637-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2016:3304-1: important: Security update for | SUSE | lists.opensuse.org | |
| Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| oss-security - CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability | MLIST | www.openwall.com | |
| [security-announce] SUSE-SU-2016:2585-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2016:2634-1: important: Security update for | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 | CISCO | tools.cisco.com | |
| CVE-2016-5195 in Ubuntu | CONFIRM | people.canonical.com | Third Party Advisory |
| Vulnerability Note VU#243144 - Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Kernel Live Patch Security Notice LSN-0012-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| [security-announce] SUSE-SU-2016:2673-1: important: Security update for | SUSE | lists.opensuse.org | |
| McAfee Security Bulletin: Fixes for privilege escalation via MAP_PRIVATE COW breakage (CVE-2016-5195) | CONFIRM | kc.mcafee.com | Third Party Advisory |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| DirtyCow Linux Kernel Race Condition ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE-2016-5195 | CONFIRM | security-tracker.debian.org | Issue Tracking, Third Party Advisory |
| oss-security - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| oss-security - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| CVE-2016-5195 - Red Hat Customer Portal | CONFIRM | access.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2635-1: important: Security update for | SUSE | lists.opensuse.org | |
| McAfee Security Bulletin - Web Gateway update fixes the Huge Dirty Cow vulnerability (CVE-2017-1000405) | CONFIRM | kc.mcafee.com | |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2614-1: important: Security update for | SUSE | lists.opensuse.org | |
| Document Display \| HPE Support Center | CONFIRM | h20566.www2.hpe.com | |
| Bug 1004418 – VUL-0: CVE-2016-5195: kernel: local privilege escalation using MAP_PRIVATE "Dirty COW" | CONFIRM | bugzilla.suse.com | Issue Tracking, Third Party Advisory |
| Knowledge Center | CONFIRM | kc.mcafee.com | |
| USN-3106-3: Linux kernel (Raspberry Pi 2) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE-SU-2016:2657-1: important: Security update for | SUSE | lists.opensuse.org | |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Bug 1384344 – CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz | CONFIRM | help.ecostruxureit.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2655-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2016:2584-1: important: Security update for the Linux Kernel - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| oss-security - Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability | MLIST | www.openwall.com | |
| USN-3105-2: Linux kernel (Trusty HWE) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| Security Advisory 0026 - Arista | MISC | www.arista.com | |
| USN-3106-1: Linux kernel vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH and other third party software vulnerabilities affect NSM Appliance OS. - Juniper Networks | CONFIRM | kb.juniper.net | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16.1R1 release. - Juniper Networks | CONFIRM | kb.juniper.net | |
| Dirty COW (CVE-2016-5195) | MISC | dirtycow.ninja | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2636-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 23 Update: kernel-4.7.9-100.fc23 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [security-announce] SUSE-SU-2016:2638-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| HPE Support document - HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2592-1: important: Security update for | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Bugtraq | BUGTRAQ | www.securityfocus.com | |
| [security-announce] SUSE-SU-2016:2658-1: important: Security update for | SUSE | lists.opensuse.org | |
| oss-security - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| oss-security - CVE-2016-5195 test case | MLIST | www.openwall.com | |
| CVE-2016-5195 Kernel Local Privilege Escalation Vulnerability in Multiple NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 24 Update: kernel-4.7.9-200.fc24 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Android Security Bulletin—December 2016 \| Android Open Source Project | CONFIRM | source.android.com | Third Party Advisory |
| oss-security - CVE-2022-0847: Linux kernel: overwriting read-only files | MLIST | www.openwall.com | |
| [security-announce] SUSE-SU-2016:2630-1: important: Security update for | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 24 Update: kernel-4.7.9-200.fc24 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| 2017-10 Security Bulletin: Multiple Products: "Dirty COW" Linux Kernel Local Privilege Escalation (CVE-2016-5195) - Juniper Networks | CONFIRM | kb.juniper.net | |
| oss-security - CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| Linux Kernel Copy-on-Write Memory Management Race Condition Lets Local Users Obtain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Kernel Local Privilege Escalation "Dirty COW" - CVE-2016-5195 - Red Hat Customer Portal | CONFIRM | access.redhat.com | Third Party Advisory |
| Broadcom Support Portal | CONFIRM | bto.bluecoat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:2633-1: important: Security update for | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 25 Update: kernel-4.8.3-300.fc25 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| oss-security - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions | MLIST | www.openwall.com | |
| VulnerabilityDetails · dirtycow/dirtycow.github.io Wiki · GitHub | MISC | github.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:2583-1: important: Security update | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2016:2625-1: important: Security update | SUSE | lists.opensuse.org | |
| USN-3104-2: Linux kernel (OMAP4) vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-3107-1: Linux kernel vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| CVE-2016-5195 Kernel Vulnerability | CONFIRM | security.paloaltonetworks.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:2649-1: important: kernel update fo | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.