News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

Take Action on Dirty COW

Zeynep Koch
Global Director of Marketing, Linux and Virtualization

I am sure you have heard about "Dirty COW" by now and may be trying to figure out if you need a patch or how to patch your Linux systems.

Dirty COW is a concurrency vulnerability in the Linux kernel’s memory subsystem that allows uncontrolled access to shared data. Specifically, this is a copy-on-write (COW) breakage that could allow an unprivileged user to gain write access to otherwise read-only memory mappings and potentially increase their privileges on the system.

This vulnerability was reported last week and it is recommended that you promptly implement fixes/patches to address it, to help ensure the rights/privileges you have in place to contain users’ read/write access are not altered.

Oracle has released updates to Oracle Linux to address Dirty COW. For those customers with an Oracle Premier Support subscription, this is a good time to use the Ksplice service – which enables you to access and apply these patches with zero downtime. Read more about it on the Ksplice blog.

For customers without a Premier Support subscription, you will need to schedule downtime, apply the patches and restart your system. You can find the documentation on using the yum-security plugin here. You can find all Oracle Linux CVEs here and in Oracle Support Document 2117117.1

PC: Dirty Cow Logo from https://upload.wikimedia.org/wikipedia/commons/1/1b/DirtyCow.svg



Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.