Vulnerability Discovered in Dirty COW Patch

In the October 27, 2016 edition of the Weekly Bulletin, the NJCCIC alerted members to a Linux Kernel vulnerability (CVE-2016-5195), dubbed Dirty COW, that impacted several Linux distributions. Last week, the same researchers who discovered the initial vulnerability released their findings regarding a new vulnerability (CVE-2017-1000405) affecting the original Dirty COW patch. Unlike the previous flaw, this vulnerability does not impact Red Hat Enterprise Linux or the Android OS; however, all other Linux distributions are affected. The NJCCIC recommends users and administrators of affected Linux distributions review the Bindecyreport and apply the appropriate update as soon as it become available. Administrators can immediately mitigate this vulnerability by disabling the use of “zero page.”