Skip to content
← Browse CVEs

CVE-2016-5195

High · CVSS 7EPSS 83.9%CISA KEVCWE-362 · Race Condition

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

References

NVD MITRE CVE.org CISA KEV

Published

Community ground truth

Community verdict

2 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

to add your verdict.

Community real-world severity: High (High 2) — CVSS base score 7

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Tomáš NovákCurated

    Reliable local privesc to root via a copy-on-write race in the kernel. Local-only, so high not critical — but it's the go-to post-exploitation step on any unpatched Linux box, and exploits are rock-solid.

  • 0
    Remediation · Diego RamírezCurated

    Patch the kernel and reboot. There's no real userspace mitigation; this is a kernel fix.