Home > Cyber News > CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)


CVE-2016-5195 is a Linux vulnerability in the wild which is most likely found in every Linux version for the last nine years. Linux users should consider installing a security patch immediately.

The vulnerability is a Kernel Local Privilege Escalation one and its status is still “ongoing”.

More about CVE-2016-5195

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

The exploit enables an attacker to obtain higher levels of control over the system. An actor with limited access to a web-hosting server can employ the exploit to gain deeper shell access, and can later use that access to attack other users of the server. Even server admins can be affected. The worst part is that privilege escalation vulnerabilities could be deployed in combination with other exploits – like SQL injections.

Related: Systemd and Ubuntu Address Multiple Linux Vulnerabilities

The bug was discovered by Phil Orster, Linux developer. Linux users are encouraged to consult with the maintainers of their Linux distribution to avoid being affected by CVE-2016-5195.

Researchers say that this is probably the most serious Linux local privilege escalation to date. The vulnerability’s nature allows for extremely reliable exploitation, says Dan Rosenberg, senior researcher at Azimuth Security. The fact that it’s been around for nine years makes the situation even scarier.

Currently, Linux distributions are receiving patches in various stages, after the development of the official patch on behalf of the official Linux kernel maintainers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree