Tell me more about the "Dirty COW" patch, older distros?

[VirtualLarry]

It seems that the Linux kernel has had a serious bug in it's COW (copy-on-write) mechanism, a bug in the atomicity of it, that allows privilidge escalation, for the last nine years!

Anyways, I was wondering, are they going to be rolling the fix into only the newest kernel images, or will they be back-porting the "fix" to older kernel series?

Part of the reason that I ask is, I run Linux Mint 17.3 Mate on my Gigabyte Brix J1900 mini-PC. It's practically the only Linux distro that works on it properly, if you update the BIOS and tweak it a bit, because newer kernel versions in newer distros, cause it to hang sometimes, in the span of a few days, due to power-management bugs in the Linux kernel (newer kernels), having to do with the Bay Trail SoC platform.

So, as far as I know, upgrading to a 4.4-series kernel is out of the question. I need a 3.6-series kernel.

Any ideas? Distro is Linux Mint Mate 17.3.

 

[ControlD]

Have you tried a newer 3.x kernel? I see Ubuntu has released a patched version 3.13.0-100.147 kernel. I see that version is also the patched kernel for Mint 17.3.

 

[dave_the_nerd]

Mint 17 is based on Ubuntu 14, which has the patch available. (12.04 LTS, 14.04 LTS, and 16.04 LTS got the patch, but 10.04 did not, so I had an interesting week last week with the legacy Ubuntu 10.x systems... most of which no longer exist.)

Patches are available for 2.x, 3.x, and 4.x kernels.

So whether or not the Mint guys roll the update in or not... that's up to them.

I guess that's why it's a good idea to stay as close to the "ur" distro as possible. (e.g., CentOS didn't get a DirtyCOW patch for almost a week after RHEL got it.)

 

[VirtualLarry]

Mint 17 is based on Ubuntu 14, which has the patch available.

Thanks Dave, and everyone else that responded! I guess I should just boot into my Mint 17.3 install, and run the updater.

 

[TheRyuu]

If the distro is still in the support window then I don't see why it wouldn't be backported.

 

[ultimatebob]

Dirty COW isn't remotely exploitable, is it? If it's an local only exploit, I shouldn't bother deploying it to my web server.

 

[TheRyuu]

Dirty COW isn't remotely exploitable, is it? If it's an local only exploit, I shouldn't bother deploying it to my web server.

I don't see why you wouldn't still push a fix. It can be used as a method for a privilege escalation in the event of a RCE in a sandboxed or locked down process.

 

[you2]

Dirty COW is a silly race condition; it should be patched from 12.04 on wards (ubuntu). I gave up on mint this summer though a friend of mine swears by federa. Anyway the bug is trivial to fix but I can't tell you if your kernel has been patched. I wonder if you can assign a kernel affinity or ran the system on a single core system if the problem would go away.

(Can a context switch can occur in the critical path ? My guess is the author assumed that since it couldn't context switch there wasn't an issue and then multi-core processors became the norm and the kernel was restucture to support them).
Any way cow gets a lot of attention because it is easy to exploit but I'm not so sure it is the most serious issue linux has seen (from a security perspective).