A privilege escalation vulnerability branded “Dirty Cow” (CVE-2016-5195) was recently discovered in the Linux kernel and fixed yesterday. It has existed for 11 years, so pretty much every device running Linux is affected (this includes VMs, physical machines, mobile devices, and so on) and, in general, distros from every vendor are affected.
Linode has made new 4.8.3-based kernels available to address the issue – so if you’re running our kernels (as is the default), you should just need to reboot your Linodes to pick up the new kernel.
If you’re running a distribution’s kernel or your own kernel, you’ll need to apply updates on your own.
As always, there are subtleties and potential defenses and configurations which may make this a non-issue for your specific situation, so we’ll leave the assessment up to you – but our general advice is to upgrade your kernels and reboot as soon as possible.
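One way to confirm after the reboot that a Linode-supplied kernel is at or above the 4.8.3 baseline mentioned above (an added example, not Linode's own tooling). The function names and the sample release string are assumptions, and the comparison says nothing about distribution kernels, which commonly carry backported fixes under older version numbers.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the 4.8.3 baseline
# from the post. Meaningful for Linode-supplied kernels only.
FIXED_BASELINE="4.8.3"

# Print "major minor patch" for a release such as "4.8.3-x86_64-linodeNN"
# (constructed sample). Missing fields become 0; returns 2 if unparsable.
kernel_triplet() {
    ver=${1%%[-+]*}                 # keep only the leading dotted version
    [ -n "$ver" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split on dots
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major$minor$patch" in
        *[!0-9]*) return 2 ;;       # reject non-numeric components
    esac
    echo "$major $minor $patch"
}

# Return 0 if release $1 >= release $2, 1 if older, 2 if either is unparsable.
# Fields are compared numerically, so 4.10.x correctly ranks above 4.8.x.
kernel_at_least() {
    have=$(kernel_triplet "$1") || return 2
    want=$(kernel_triplet "$2") || return 2
    set -- $have $want
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Report on the running kernel (or on a release string passed as $1).
check_running_kernel() {
    release=${1:-$(uname -r)}
    rc=0
    kernel_at_least "$release" "$FIXED_BASELINE" || rc=$?
    case $rc in
        0) echo "OK: $release is at or above $FIXED_BASELINE" ;;
        1) echo "ACTION: $release is older than $FIXED_BASELINE; reboot into the updated kernel" ;;
        *) echo "UNKNOWN: could not parse release '$release'" ;;
    esac
    return $rc
}

check_running_kernel || :           # report only; never abort the shell
```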
For the curious, here’s the patch from Linus Torvalds.
Filed under: announcements by Linode Security Team