CVE-2017-1000405

Published: 30/11/2017 Updated: 26/06/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 701
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Linux Kernel versions 2.6.38 up to and including 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such a case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic: a pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty COW" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow overwriting read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mappings can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) THP.

linux linux kernel

Vendor Advisories

Synopsis: Important: kernel-alt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
Stack-based out-of-bounds read via vmcall instruction. Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes (CVE-2017-17741). drivers/block ...
A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages ...
Several security issues were fixed in the Linux kernel ...
USN-3509-2 introduced a regression in the Linux HWE kernel for Ubuntu 14.04 LTS ...
USN-3509-1 introduced a regression in the Linux kernel for Ubuntu 16.04 LTS ...
A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages (CVE-2017-1000405). Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerab ...
Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call (CVE-2018-5750). Improper sortin ...

Exploits

// EDB Note: Source ~ medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 // EDB Note: Source ~ github.com/bindecy/HugeDirtyCowPOC // Author Note: Before running, make sure to set transparent huge pages to "always": // `echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled` // // // Th ...
/* * The code is modified from www.exploit-db.com/exploits/43199/ */ #define _GNU_SOURCE #include <unistd.h> #include <sys/mman.h> #include <err.h> #include <stdio.h> #include <string.h> #include <stdlib.h> #include <fcntl.h> #include <sys/stat.h> #include <sched.h> #include <pthrea ...

Github Repositories

A POC for the Huge Dirty Cow vulnerability (CVE-2017-1000405)

"Huge Dirty Cow" POC. A POC for the Huge Dirty Cow vulnerability (CVE-2017-1000405). Full details can be found here. Before running, make sure to set transparent huge pages to "always": echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled

Dirtyc0w Exploit. Contents: What is it? What systems are affected? Usage; Requirements; Importing the VM; Compiling the file; Executing the exploit; Patch. What is it? "A race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature t