0 - Resolve CVE-2016-5195 (Linux Dirty COW)

For CentOS, run this command to download a script to test your OS:

[root@server1 ]# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh


Run the test script.

[root@server1 ]# bash rh-cve-2016-5195_1.sh


If the following output is displayed, your CentOS machine is vulnerable to CVE-2016-5195.

[root@server1 ]# bash rh-cve-2016-5195_1.sh
rh-cve-2016-5195_1.sh: line 574: lsmod: command not found
Your kernel is x.x.xx-xxx.xxx which IS vulernable.
Red hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .


You can also use the uname -rv command to view the version kernel you are currently using.

[root@server1 ]# uname -rv
kernel.x86_64 0:x.xx.x-xxx.xx.x.xx


If your machine is vulnerable to CVE-2016-5195, run the yum update command. This will download and install the latest kernel. Near the end of the output you should see the version of the new kernel that was installed.

[root@server1 ]# yum update
. . . 
  kernel.x86_64 0:x.xx.x-xxx.xx.x.xx


After the new kernel has been installed, reboot the machine.

[root@server1 ]# reboot


After reboot, ensure the new kernel is being used.

[root@server1 ]# uname -rv
kernel.x86_64 0:x.xx.x-xxx.xx.x.xx


Also ensure your machine is no longer vulnerable to CVE-2016-5195. In this example, the output confirms your machine is no longer vulnerable to CVE-2016-5195.

[root@server1 ]# bash rh-cve-2016-5195_1.sh
Your kernel is x.x.xx-xxx.xxx which is NOT vulernable.


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 52cd2 in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |