VMSA-2016-0018.3 VMware product updates address local privilege escalation vulnerability in Linux kernel

vmsa-2016-0018-3-a

1. Summary

VMware product updates address local privilege escalation vulnerability in Linux kernel.

2. Relevant Products
  • VMware Identity Manager
  • vRealize Automation
  • vRealize Operations
3. Problem Description

a. Local privilege escalation vulnerability in Linux kernel

The Linux kernel which ships with the base operating system of VMware Appliances contains a race condition in the way its memory subsystem handles copy-on-write (aka “Dirty COW”). Successful exploitation of the vulnerability may allow for local privilege escalation. The product lines listed in this advisory have been confirmed to be affected. VMware product lines that are not affected are documented in VMware Knowledge Base article 2147515.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-5195 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

 vmsa-2016-0018-3-b

 

6. Change log

2016-11-09 VMSA-2016-0018
Initial security advisory in conjunction with the release of vROps patches on 2016-11-09.

2016-11-15 VMSA-2016-0018.1
Security advisory update in conjunction with the release of vRealize Operations 6.4 on 2016-11-15.

2016-11-17 VMSA-2016-0018.2
Security advisory update in conjunction with the release of VMware Identity Manager 2.8 and vRealize Automation 6.2.5 on 2016-11-17.

2016-11-22 VMSA-2016-0018.3
Security advisory update in conjunction with the release of vRealize Automation 7.2.0 on 2016-11-22.


Created on November 22, 2016 by Rick Scherer

Posted under Alert.

This blog has 1,232 views.

Tags: , , , ,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Comment

Name (required)

Email (required)

Website

Comments

More Blog Post