This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Cumulus Linux Is Susceptible to Kernel Vulnerability CVE-2016-5195 (Dirty CoW)

Follow

Issue

Is Cumulus Linux susceptible to the kernel vulnerability CVE-2016-5195?

Environment

  • Cumulus Linux 2.5.0 and later

Resolution

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. All the information we have so far is included in this page.

The bug has existed since around 2.6.22 (released in 2007) and was fixed in the Linux kernel on 18 October, 2016.

While Cumulus Linux is susceptible to this issue, it should not affect users because switches running Cumulus Linux and Cumulus RMP do not normally have untrusted users able to login to the switch. This bug cannot be exploited remotely.

Cumulus Linux and Cumulus RMP version 3.1.2 has been updated with a fix for this security advisory.

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk