CVE-2016-5195
Published: 10 November 2016
Summary
CVE-2016-5195 is a high-severity Race Condition (CWE-362) vulnerability in the Linux kernel. Its CVSS base score is 7.0 (High).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a race condition in mm/gup.c within the Linux kernel versions 2.x through 4.x prior to 4.8.3. It stems from incorrect handling of the copy-on-write (COW) mechanism, enabling writes to read-only memory mappings. This flaw is tracked as CVE-2016-5195, carries a CVSS 3.1 score of 7.0, and is associated with CWE-362.
Local users with low privileges can exploit the race condition to escalate privileges on affected systems. The issue was actively exploited in the wild as of October 2016 under the name Dirty COW, allowing attackers to modify memory regions that should remain read-only and thereby obtain elevated access.
Advisories and patches reference a kernel commit addressing the flaw along with vendor notifications from FortiGuard and Juniper that point to updated kernel releases for mitigation. The vulnerability saw real-world exploitation shortly after disclosure, highlighting its impact on unpatched Linux systems running affected kernel versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-6146
Vulnerability details
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
- CWE(s)
- KEV Date Added: 03 March 2022
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces memory protection safeguards that block unauthorized writes to read-only mappings, exactly the COW race condition exploited by CVE-2016-5195.
Requires timely application of the kernel patch (commit fixing mm/gup.c) that eliminates the Dirty COW race condition before local exploitation can succeed.
Limits privileges of local accounts so that even successful memory-mapping bypass yields minimal additional access on unpatched kernels.