Dirty Cow patch contained flawed code.
Dirty Cow patch contained flawed code.

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

The patch was released in October 2016 and fixed a flaw that allows an attacker with a local system account to modify on-disk binaries and bypass the standard permission mechanisms that would prevent modification without an appropriate permission set, Phil Oester, the resarchers who discovered the flaws said on his website.

The patch contained a vulnerability (CVE-2016-5195) which could allow an adversary to run local code on affected systems and exploit a race condition to perform the attacks, according to a Nov. 27 blog post. It's worth noting the scope of the vulnerability is significantly lower than that of the initial Dirty Cow vulnerability and was rated as “Important” scoring 6.1 on the CVSS scale.

“In terms of scope, the difference is just that the current bug is not applicable to Android and Red Hat Enterprise Linux,” Bindecy Researcher Daniel Shapiro told Threatpost. “All other distributions – Ubuntu, Fedora, SUSE – suffer from the issue. So, the scope is still large. We estimate that millions of machines are vulnerable.”

Researchers were able to exploit the bug using a read-only huge page as a target for the writing. The vulnerability was reported to the Linux Kernel Organization on Nov. 22 and a CVE was assigned the same day and a patch was committed to the mainline kernel Nov. 27.