Protect Your Linux: Act Now Against ‘Dirty COW’ Exploits

If you own a server, computer, an Android phone or any other device that runs Linux, you need to read this. Hackers have begun exploiting a Linux kernel security flaw known as “Dirty COW”.

“Dirty COW” is a privilege escalation bug that affects all Linux-based operating systems. This bug is triggered when hackers exploit the race condition in the implementation of Linux’s copy-on-write (COW) mechanism, which is a resource management technique used to implement a “copy” operation on modifiable resources efficiently.

By exploiting this vulnerability, the hacker would be able to gain elevated access, thereby allowing them to hijack the entire system if they want to.

This vulnerability isn’t particularly new, as Linus Torvalds himself discovered the flaw 11 years ago. At the time, Torvalds himself was unable to fix the issue, and as such, he left the flaw alone since it was deemed “hard to trigger” anyways.

In a twist of events, this flaw has been made far more exploitable thanks to changes in Linux’s kernel design.

According to Phil Oester, the Linux security researcher who uncovered the flaw, the “Dirty COW” exploit is deemed easy to execute. “The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with GCC 4.8″ says Oester.

Since Oester discovered the exploit, vendors such as Red Hat, Debian and Ubuntu have released patches for their respective Linux versions. Read more about these patches here.

Now, for the bad news: it is likely that the vulnerable kernel will remain in Linux-powered devices such as routers, Internet-of-Things devices and other embedded devices.

As Android is based on Linux, the OS is also susceptible to the “Dirty COW” exploit.

Android will most likely be receiving a patch that would fix this vulnerability, but it won’t arrive until Android releases its patch batch next month. Note that even then, some of the Android devices currently in circulation may not get the patch due to limitations set by manufacturers and carriers.