CVE-2016-5195 is a Linux kernel vulnerability being exploited in the wild, and it is most likely present in every Linux version released in the last nine years. Linux users should consider installing a security patch immediately.
The vulnerability is a kernel local privilege escalation flaw, and its status is still “ongoing”.
More about CVE-2016-5195
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
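To make the copy-on-write behaviour in the paragraph above concrete, here is a small C program I added for this page (it is not from the original article and is not exploit code). It maps a file privately (MAP_PRIVATE), writes to the mapping, and then confirms that the write went to the process's own copy of the page while the file on disk stayed unchanged. That isolation is exactly the guarantee the kernel is supposed to uphold for private read-only mappings; the race condition described above is what let an unprivileged user break it. The sample file content is constructed, the temporary file path is a placeholder under /tmp, and the program assumes a Linux or other POSIX system with mmap(2) and mkstemp(3).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Demonstrates normal COW semantics for a private file mapping.
 * Returns 1 if the write stayed private (mapping changed, file on disk
 * unchanged), 0 if the file was modified, and -1 on a setup error.
 */
int cow_private_mapping_is_isolated(void)
{
    char path[] = "/tmp/cowdemoXXXXXX";          /* placeholder temp file, created by mkstemp */
    const char original[] = "original";           /* constructed sample file content */
    char buf[sizeof original];

    int fd = mkstemp(path);                       /* opened O_RDWR, so the file itself is writable */
    if (fd < 0)
        return -1;

    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) {
        close(fd);
        unlink(path);
        return -1;
    }

    long pagesz = sysconf(_SC_PAGESIZE);
    /* MAP_PRIVATE: writes must go to a per-process copy, never back to the file */
    char *map = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        unlink(path);
        return -1;
    }

    /* First write to the page "breaks" COW: the kernel copies the page for this process */
    memcpy(map, "modified", 8);
    int mapping_changed = memcmp(map, "modified", 8) == 0;

    /* Read the file through the page cache, bypassing our private copy */
    int file_unchanged = pread(fd, buf, sizeof buf, 0) == (ssize_t)sizeof buf
                         && memcmp(buf, original, sizeof buf) == 0;

    munmap(map, (size_t)pagesz);
    close(fd);
    unlink(path);

    return mapping_changed && file_unchanged;
}

int main(void)
{
    int rc = cow_private_mapping_is_isolated();
    if (rc == 1)
        puts("private mapping write stayed private; file on disk unchanged");
    else if (rc == 0)
        puts("file on disk was modified through a private mapping");
    else
        puts("setup error");
    return rc == 1 ? 0 : 1;
}
```

On a correctly behaving kernel the function returns 1: the process sees "modified" through its mapping, but the file still contains "original". The point of the program is the invariant, not the bug; it does not reproduce the race, and a patched or unpatched kernel will both print the first message because the program never contends for the page.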
The exploit enables an attacker to obtain higher levels of control over the system. An actor with limited access to a web-hosting server can employ the exploit to gain deeper shell access, and can later use that access to attack other users of the server. Even server admins can be affected. The worst part is that privilege escalation vulnerabilities could be deployed in combination with other exploits – like SQL injections.
The bug was discovered by Phil Oester, a Linux developer. Linux users are encouraged to consult the maintainers of their Linux distribution to avoid being affected by CVE-2016-5195.
Researchers say that this is probably the most serious Linux local privilege escalation to date. The vulnerability’s nature allows for extremely reliable exploitation, says Dan Rosenberg, senior researcher at Azimuth Security. The fact that it’s been around for nine years makes the situation even scarier.
Currently, Linux distributions are receiving patches in various stages, after the development of the official patch on behalf of the official Linux kernel maintainers.