CVE-2016-5195 - Vulnerability Details

- kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

Description

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Published: 2016-11-10

Score: 7.0 High

EPSS: 94.2% High

KEV: Yes

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_long_life:5.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_long_life:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:6.5:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:fedoraproject:fedora:23:::::::*
	cpe:2.3:o:fedoraproject:fedora:24:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

Configuration 7 [-]

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:hci_storage_nodes:-:::::::*
	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:snapprotect:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
kernel-0:2.6.18-416.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:2124	2016-10-28T00:00:00Z
Red Hat Enterprise Linux 5.6 Long Life
kernel-0:2.6.18-238.57.1.el5	cpe:/o:redhat:rhel_mission_critical:5.6	RHSA-2016:2127	2016-10-31T00:00:00Z
Red Hat Enterprise Linux 5.9 Long Life
kernel-0:2.6.18-348.32.1.el5	cpe:/o:redhat:rhel_aus:5.9	RHSA-2016:2126	2016-10-31T00:00:00Z
Red Hat Enterprise Linux 6
kernel-0:2.6.32-642.6.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:2105	2016-10-26T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
kernel-0:2.6.32-220.68.1.el6	cpe:/o:redhat:rhel_mission_critical:6.2	RHSA-2016:2132	2016-11-01T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
kernel-0:2.6.32-358.75.1.el6	cpe:/o:redhat:rhel_aus:6.4	RHSA-2016:2133	2016-11-01T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.75.1.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2016:2120	2016-10-27T00:00:00Z
Red Hat Enterprise Linux 6.5 Telco Extended Update Support
kernel-0:2.6.32-431.75.1.el6	cpe:/o:redhat:rhel_tus:6.5	RHSA-2016:2120	2016-10-27T00:00:00Z
Red Hat Enterprise Linux 6.6 Extended Update Support
kernel-0:2.6.32-504.54.1.el6	cpe:/o:redhat:rhel_eus:6.6	RHSA-2016:2128	2016-10-31T00:00:00Z
Red Hat Enterprise Linux 6.7 Extended Update Support
kernel-0:2.6.32-573.35.2.el6	cpe:/o:redhat:rhel_eus:6.7	RHSA-2016:2106	2016-10-26T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-327.36.3.rt56.238.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2016:2110	2016-10-26T00:00:00Z
kernel-0:3.10.0-327.36.3.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2098	2016-10-24T00:00:00Z
kernel-aarch64-0:4.5.0-15.2.1.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:0372	2017-03-02T00:00:00Z
Red Hat Enterprise Linux 7.1 Extended Update Support
kernel-0:3.10.0-229.42.2.ael7b	cpe:/o:redhat:rhel_eus:7.1	RHSA-2016:2118	2016-10-26T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-327.rt56.198.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2016:2107	2016-10-26T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-670-1	linux security update
Debian DSA	DSA-3696-1	linux security update
Ubuntu USN	USN-3104-1	Linux kernel vulnerability
Ubuntu USN	USN-3104-2	Linux kernel (OMAP4) vulnerability
Ubuntu USN	USN-3105-1	Linux kernel vulnerability
Ubuntu USN	USN-3105-2	Linux kernel (Trusty HWE) vulnerability
Ubuntu USN	USN-3106-1	Linux kernel vulnerability
Ubuntu USN	USN-3106-2	Linux kernel (Xenial HWE) vulnerability
Ubuntu USN	USN-3106-3	Linux kernel (Raspberry Pi 2) vulnerability
Ubuntu USN	USN-3106-4	Linux kernel (Qualcomm Snapdragon) vulnerability
Ubuntu USN	USN-3107-1	Linux kernel vulnerability
Ubuntu USN	USN-3107-2	Linux kernel (Raspberry Pi 2) vulnerability

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.94184.

Exploitation active

Automatable no

Technical Impact total

References

Link	Providers
http://fortiguard.com/advisory/FG-IR-16-063
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
http://rhn.redhat.com/errata/RHSA-2016-2098.html
http://rhn.redhat.com/errata/RHSA-2016-2105.html
http://rhn.redhat.com/errata/RHSA-2016-2106.html
http://rhn.redhat.com/errata/RHSA-2016-2107.html
http://rhn.redhat.com/errata/RHSA-2016-2110.html
http://rhn.redhat.com/errata/RHSA-2016-2118.html
http://rhn.redhat.com/errata/RHSA-2016-2120.html
http://rhn.redhat.com/errata/RHSA-2016-2124.html
http://rhn.redhat.com/errata/RHSA-2016-2126.html
http://rhn.redhat.com/errata/RHSA-2016-2127.html
http://rhn.redhat.com/errata/RHSA-2016-2128.html
http://rhn.redhat.com/errata/RHSA-2016-2132.html
http://rhn.redhat.com/errata/RHSA-2016-2133.html
http://seclists.org/fulldisclosure/2024/Aug/35
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
http://www.debian.org/security/2016/dsa-3696
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
http://www.openwall.com/lists/oss-security/2016/10/21/1
http://www.openwall.com/lists/oss-security/2016/10/26/7
http://www.openwall.com/lists/oss-security/2016/10/27/13
http://www.openwall.com/lists/oss-security/2016/10/30/1
http://www.openwall.com/lists/oss-security/2016/11/03/7
http://www.openwall.com/lists/oss-security/2022/03/07/1
http://www.openwall.com/lists/oss-security/2022/08/08/1
http://www.openwall.com/lists/oss-security/2022/08/08/2
http://www.openwall.com/lists/oss-security/2022/08/08/7
http://www.openwall.com/lists/oss-security/2022/08/08/8
http://www.openwall.com/lists/oss-security/2022/08/09/4
http://www.openwall.com/lists/oss-security/2022/08/15/1
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/archive/1/539611/100/0/threaded
http://www.securityfocus.com/archive/1/540252/100/0/threaded
http://www.securityfocus.com/archive/1/540344/100/0/threaded
http://www.securityfocus.com/archive/1/540736/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
http://www.securityfocus.com/bid/93793
http://www.securitytracker.com/id/1037078
http://www.ubuntu.com/usn/USN-3104-1
http://www.ubuntu.com/usn/USN-3104-2
http://www.ubuntu.com/usn/USN-3105-1
http://www.ubuntu.com/usn/USN-3105-2
http://www.ubuntu.com/usn/USN-3106-1
http://www.ubuntu.com/usn/USN-3106-2
http://www.ubuntu.com/usn/USN-3106-3
http://www.ubuntu.com/usn/USN-3106-4
http://www.ubuntu.com/usn/USN-3107-1
http://www.ubuntu.com/usn/USN-3107-2
https://access.redhat.com/errata/RHSA-2017:0372
https://access.redhat.com/security/cve/cve-2016-5195
https://access.redhat.com/security/vulnerabilities/2706661
https://bto.bluecoat.com/security-advisory/sa134
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://bugzilla.suse.com/show_bug.cgi?id=1004418
https://dirtycow.ninja
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kc.mcafee.com/corporate/index?page=content&id=SB10176
https://kc.mcafee.com/corporate/index?page=content&id=SB10177
https://kc.mcafee.com/corporate/index?page=content&id=SB10222
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
https://nvd.nist.gov/vuln/detail/CVE-2016-5195
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
https://security-tracker.debian.org/tracker/CVE-2016-5195
https://security.netapp.com/advisory/ntap-20161025-0001/
https://security.paloaltonetworks.com/CVE-2016-5195
https://source.android.com/security/bulletin/2016-11-01.html
https://source.android.com/security/bulletin/2016-12-01.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195
https://www.cve.org/CVERecord?id=CVE-2016-5195
https://www.exploit-db.com/exploits/40611/
https://www.exploit-db.com/exploits/40616/
https://www.exploit-db.com/exploits/40839/
https://www.exploit-db.com/exploits/40847/
https://www.kb.cert.org/vuls/id/243144

History

Tue, 04 Nov 2025 16:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Aug/35

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195

Wed, 29 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Subscriptions

Canonical Ubuntu Linux

Debian Debian Linux

Fedoraproject Fedora

Linux Linux Kernel

Netapp Cloud Backup Hci Storage Nodes Oncommand Balance Oncommand Performance Manager Oncommand Unified Manager For Clustered Data Ontap Ontap Select Deploy Administration Utility Snapprotect Solidfire

Paloaltonetworks Pan-os

Redhat Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Long Life Enterprise Linux Tus Enterprise Mrg Rhel Aus Rhel Eus Rhel Extras Rt Rhel Mission Critical Rhel Tus

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2016-11-10T21:00:00.000Z

Updated: 2025-11-04T16:09:08.278Z

Reserved: 2016-05-31T00:00:00.000Z

Link: CVE-2016-5195

Vulnrichment

Updated: 2025-11-04T16:09:08.278Z

NVD

Status : Analyzed

Published: 2016-11-10T21:59:00.197

Modified: 2026-04-21T17:43:46.450

Link: CVE-2016-5195

Redhat

Severity : Important

Publid Date: 2016-10-19T00:00:00Z

Links: CVE-2016-5195 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-362

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object