Checking a RHEL system for the Dirty COW vulnerability

Tags linux how-to

Objective

Find out if the currently running kernel is vulnerable to Dirty COW (CVE-2016-5195).

Environment

Red Hat Enterprise Linux systems running stock kernels from Red Hat.

Procedure

  1. Download the test script: wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
  2. Run that test script: bash rh-cve-2016-5195_1.sh
  3. If the test script says the running kernel is vulnerable, then update the kernel, typically with yum update, and reboot to the updated kernel.
    • Use uname -r to get the running kernel version and yum info kernel to see if a newer version is installed but not running.
    • If the kernel was previously updated but the system was not rebooted to activate it, reboot to activate it.

Additional notes

This script only works if the system is running a standard kernel. For example, if you have installed kernel-ml or kernel-lt from ELRepo, the script will report a false negative for vulnerable kernels.

Information Assurance (IA) article on CVE-2016-5195.

Details

Article ID: 1836
Created
Wed 5/27/20 11:25 AM
Modified
Tue 6/23/20 11:36 AM