Red Hat Discovers Dirty COW Archaic Linux Kernel Flaw Exploited In The Wild

A nearly decade-old security flaw in the Linux kernel is now being exploited by hackers in the real world, Red Hat has discovered.

The flaw is dubbed Dirty COW, a name derived from the way it abuses the Linux kernel’s handling of the copy-on-write (COW) breakage of private read-only memory mappings. It exists in nearly all versions of the Linux operating system, and researchers are advising Linux users to patch the hole as soon as possible.

“An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system,” Red Hat’s security advisory explained.

Dirty COW

On its surface, Dirty COW is a privilege-escalation flaw rather than one that allows code execution: it simply gives people using the exploit greater access to and control over a targeted computer.

However, there are two aspects that make it dangerous. The first is that, with elevated privileges, a hacker can use Dirty COW alongside other malware more effectively, executing malicious code as a root user with more access to a computer’s systems rather than as an untrusted user.

Such exploits can be used to attack companies that provide web hosting with Linux shell access, and from there to attack the hosting firm’s other customers as well as its administrators.

The second aspect is that the vulnerability affects most versions of Linux, which, given the spread of the open source operating system, means a potentially huge number of systems are exposed to the exploit. Researchers are already seeing Dirty COW being used in the wild.

Another problem is that attacks using Dirty COW can happen in different layers of Linux, making them difficult to defend against using security software.

“Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary,” Red Hat’s advisory explained.

“This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

Red Hat engineer Petr Matousek posted mitigation measures against the flaw in the advisory, but noted that they can affect how other programs run and that he is not convinced they will wholly mitigate the exploit.

With bugs like Dirty COW cropping up in widely used open source systems, it is no wonder that the Linux Foundation sees cyber security as a threat to the ‘golden age’ of open source.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
