The kernel flaw (CVE-2016-5195) is an 11-year-old bug that Linus Torvalds himself tried to patch once. His work, unfortunately, was undone by another fix several years later, so Oester figures it’s been around since 2007. The problem is with the Linux kernel’s memory system, which breaks during certain memory operations, according to Red Hat: “An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
In other words, it can be used to get root server access, which is a terrible thing for the internet. It’s primarily an exploit for users who already have an account on a server. However, it could potentially be exploited on a Linux machine that lets you execute a file — something that’s common for online servers.
Torvalds points out that the race condition flaw used to be “purely theoretical,” but is now easier to trigger thanks to improved VM tech. Keepers of the Linux kernel have patched the bug (dubbed “Dirty COW,” for copy-on-write) and distributors like Red Hat, which classified the bug as “important,” are working on updates. “All Linux users need to take this bug very seriously, and patch their systems ASAP,” says Oester. He adds that the packet captures that helped him spot the exploit “have proved invaluable numerous times. I would recommend this extra security measure to all admins.”