How Bad Is Dirty COW Linux Kernel Vulnerability?

In October 2016, a critical Linux kernel vulnerability was disclosed. The vulnerability, called Dirty COW, lies in the kernel's copy-on-write (COW) memory handling. The bug has actually been present in the Linux kernel since 2007.

The vulnerability is a privilege escalation bug. By exploiting Dirty COW, an unprivileged local user can gain write access to mappings that should be limited to read-only.

In practice, the bug lets you write to read-only files (e.g. modify the contents of a read-only file owned by root). In particular, using Dirty COW an unprivileged attacker could alter executable system files, bypassing the regular access control mechanisms. Moreover, remote attackers could chain Dirty COW with other exploits to gain remote access with elevated privileges and execute malware. The bug affects all Linux-based distributions, including Android (version 6 and early 7).

Fixing the vulnerability requires a kernel upgrade. The vulnerability is fixed in kernel versions 4.8, 4.7 and 4.4. To remove the bug, a new FOLL_COW flag was added to the kernel (the fix changes 7 lines of code). Several GNU/Linux distributions (Debian, Ubuntu, Red Hat, etc.) have announced the release of patched kernel packages.
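As an added triage aid (not code from the original article), the POSIX shell script below classifies a kernel release string against the upstream series named above. It assumes the stable point releases that first carried the fix are 4.4.26, 4.7.9 and 4.8.3, that 4.9 and later contain it, and that distribution kernels which backport the fix without changing their version number must be checked against the vendor advisory instead.

```shell
#!/bin/sh
# Added example, not code from the original article. Reports whether a
# kernel version string predates the upstream Dirty COW fix. Assumption:
# the fix first shipped in stable releases 4.4.26, 4.7.9 and 4.8.3; 4.9+
# contains it; 4.5/4.6 and older series never received it upstream.
# Distro kernels backport fixes without bumping the version, so
# "vulnerable" here means "check the vendor advisory", not "exploitable".

# Split "x.y.z-anything" into three integers; missing parts default to 0.
ver_parts() {
    v=${1%%-*}                 # drop "-45-generic" style suffixes
    v=${v%%+*}                 # drop "+" local-version markers
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Encode x.y.z as one integer so that versions compare numerically.
version_key() {
    set -- $(ver_parts "$1")
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Return 0 if version $1 is at least version $2, 1 otherwise.
version_ge() {
    if [ "$(version_key "$1")" -ge "$(version_key "$2")" ]; then
        return 0
    fi
    return 1
}

# Print "patched" or "vulnerable" for a kernel release string (uname -r).
dirtycow_status() {
    set -- $(ver_parts "$1")
    case "$1.$2" in
        4.4) fix=4.4.26 ;;
        4.7) fix=4.7.9 ;;
        4.8) fix=4.8.3 ;;
        *)   fix=4.9.0 ;;      # other series: fixed only from 4.9 onward
    esac
    if version_ge "$1.$2.$3" "$fix"; then
        echo patched
    else
        echo vulnerable
    fi
}

dirtycow_status "$(uname -r)"   # report the running kernel
```

A "patched" result for a vendor kernel is only as reliable as the assumption that the vendor did not ship an older base version with the fix backported; treat the output as a first filter for fleet inventory, not as a final verdict.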