A new exploit in the memory-mapping code of the Linux kernel has been reported. The underlying bug has actually been in the kernel for years, but it recently became much more dangerous due to recent changes in the kernel structure. Here’s the alert from Red Hat’s website:
Red Hat Product Security has been made aware of a vulnerability in the Linux kernel that has been assigned CVE-2016-5195. This issue was publicly disclosed on October 19, 2016 and has been rated as Important.
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild.
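The advisory above turns on one guarantee: writes through a private (MAP_PRIVATE) file mapping are copied on write and must never reach the underlying file. The following C program is an added example, not from the post or from Red Hat, that exercises that guarantee on a constructed scratch file so a reader can see what "COW breakage" is supposed to protect; the file path and contents are made up for the demonstration.

```c
/* Added example (not from the post): shows the copy-on-write guarantee of a
 * MAP_PRIVATE file mapping, the invariant CVE-2016-5195 let an unprivileged
 * user break. A write through a private mapping must never reach the file. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if the file is unchanged after writing through a private mapping,
 * 0 if the write leaked into the file, -1 on a setup error. */
int private_mapping_is_isolated(void)
{
    const char original[] = "read-only data that must not change";
    char path[] = "/tmp/cow-demo-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                           /* fd keeps the inode alive */
    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) {
        close(fd);
        return -1;
    }
    /* MAP_PRIVATE: the first write to a page "breaks" COW and gives this
     * process its own copy; the page cache and the file stay untouched. */
    char *map = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }
    memcpy(map, "MODIFIED", 8);             /* write via the mapping only */
    int mapping_changed = memcmp(map, "MODIFIED", 8) == 0;
    /* Re-read the file with pread(2), which bypasses our private copy. */
    char on_disk[sizeof original];
    ssize_t n = pread(fd, on_disk, sizeof original, 0);
    int file_unchanged = n == (ssize_t)sizeof original &&
                         memcmp(on_disk, original, sizeof original) == 0;
    munmap(map, sizeof original);
    close(fd);
    if (n != (ssize_t)sizeof original) return -1;
    return (mapping_changed && file_unchanged) ? 1 : 0;
}

int main(void)
{
    int r = private_mapping_is_isolated();
    printf("private mapping isolated from file: %s\n",
           r == 1 ? "yes" : (r == 0 ? "NO" : "error"));
    return r == 1 ? 0 : 1;
}
```

On a patched kernel the program reports "yes"; the flaw described above was that a race in the kernel's COW handling let an unprivileged process get its write into the file instead of the private copy.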
Here’s a great description of how the exploit works in a 12-minute YouTube video.
Patch patch patch!!