
Dirty COW redux: Linux devs patch botched patch for 2016 mess

This time it's a 'Huge Dirty COW' and Linus Torvalds has cleaned up after it

Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own.

Dirty COW is a privilege escalation vulnerability in Linux's “copy-on-write” mechanism, first documented in October 2016 and affecting both Linux and Android systems.

As The Register wrote at the time, the problem means “programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory. The changes are then committed to storage, allowing a non-privileged user to alter root-owned files and setuid executables – and at this point, it's game over.”

It was patched promptly, but last week, this post at the OSS-Sec mailing list explained the slip-up in the patch. Discovered by researchers from Bindecy, “Huge Dirty Cow” is discussed in detail here.

“In the 'Dirty COW' vulnerability patch (CVE-2016-5195), can_follow_write_pmd() was changed to take into account the new FOLL_COW flag (8310d48b125d 'mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp').”

Bindecy's Eylon Ben Yaakov and Daniel Shapiro found a slip-up in the use of pmd_mkdirty() in the touch_pmd() function, the post said.

What does that mean? The get_user_pages() path can reach touch_pmd(), “which makes writing on read-only transparent huge pages possible”, and from there Yaakov and Shapiro found ways to crash a variety of processes.

They've published their proof-of-concept here.

Android doesn't suffer from “HugeDirtyCow”. Red Hat Enterprise Linux is also safe. Many other *nixes do have the bug: “Every kernel version with THP support and the Dirty COW patch should be vulnerable (2.6.38 – 4.14)”, Yaakov and Shapiro wrote.
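As an added example, not code from the article or from Bindecy: a small triage script for the kernel range the researchers quoted. It assumes the `uname -r` release string and the standard THP sysfs knob, and its “review-needed” verdict only means the distribution's patch status still has to be checked, since backported fixes keep the old version number.

```python
import platform
import re
from pathlib import Path
from typing import Optional

# Range named by the researchers, as quoted in the article: kernels with THP
# support and the Dirty COW patch, 2.6.38 through 4.14 inclusive.
VULN_MIN = (2, 6, 38)
VULN_MAX_MAJOR_MINOR = (4, 14)

# Real sysfs knob for transparent huge pages; absent when THP is not built in.
THP_SYSFS = Path("/sys/kernel/mm/transparent_hugepage/enabled")


def parse_kernel_version(release: str) -> tuple:
    """Turn a `uname -r` string such as '4.13.0-38-generic' into an int tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def in_named_range(version: tuple) -> bool:
    """True when version lies in 2.6.38 .. 4.14.x, the span quoted above."""
    return version >= VULN_MIN and version[:2] <= VULN_MAX_MAJOR_MINOR


def thp_enabled(sysfs_text: str) -> bool:
    """The active mode is bracketed, e.g. '[always] madvise never'."""
    m = re.search(r"\[(\w+)\]", sysfs_text)
    return bool(m) and m.group(1) != "never"


def assess(release: str, sysfs_text: Optional[str]) -> str:
    """Coarse triage verdict; 'review-needed' still requires checking the
    distribution's patch status, since backports keep the old version string."""
    if not in_named_range(parse_kernel_version(release)):
        return "outside-range"
    if sysfs_text is None:
        return "thp-absent"
    if not thp_enabled(sysfs_text):
        return "thp-disabled"
    return "review-needed"


if __name__ == "__main__":
    text = THP_SYSFS.read_text() if THP_SYSFS.exists() else None
    print(platform.release(), "->", assess(platform.release(), text))
```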

The kernel got its patch on November 27, before the bug was announced to the public. ®
