Threat Intelligence / CVE / CVE-2016-5195

CVE-2016-5195

CISA KEVRansomware

CVSS 7 (HIGH) · EPSS 93.9% · Published 2016-11-10

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

CVSS v3 vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Threats tracking this CVE

SHADOW-AETHER-040 & SHADOW-AETHER-064 — Agentic AI-Driven Intrusion Campaigns Targeting LATAM Government and Financial Sectors (Vibe Hacking) — CRITICAL

References

http://rhn.redhat.com/errata/RHSA-2016-2107.html
https://www.exploit-db.com/exploits/40616/
https://access.redhat.com/errata/RHSA-2017:0372
https://bto.bluecoat.com/security-advisory/sa134
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://www.exploit-db.com/exploits/40839/
https://dirtycow.ninja/
https://www.exploit-db.com/exploits/40847/
http://rhn.redhat.com/errata/RHSA-2016-2118.html
http://rhn.redhat.com/errata/RHSA-2016-2128.html
https://source.android.com/security/bulletin/2016-12-01.html

Full detection coverage & IOCs for threats exploiting CVE-2016-5195 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence