VMware Response to CVE-2016-5195: ‘Dirty COW’ privilege escalation vulnerability

Article ID: 341680

Products

VMware Desktop Hypervisor
VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

On October 19th, 2016, a Linux kernel vulnerability (CVE-2016-5195) known as ‘Dirty COW’ was published that may allow for local privilege escalation.

The VMware Security Engineering, Communications, and Response group (vSECR) has investigated the impact this vulnerability may have on VMware products. We have determined that the vulnerability does not pose a critical risk to affected products. Please see the VMware Security Response Policy for information on severity definitions. We have broken our products into the following 4 categories: ESXi, Windows-based products, VMware products that run on Linux, and VMware Virtual Appliances. If a specific version number is not listed next to a product entry, then that entry refers to all versions of that product.

Resolution

vSphere ESXi Hypervisor

ESXi is not affected by CVE-2016-5195.

Windows-based products

Windows-based products, including all versions of vCenter Server running on Windows, are not affected by CVE-2016-5195.

VMware products that run on Linux

VMware products that run on Linux (excluding virtual appliances) might use a vulnerable kernel as part of the base operating system. VMware recommends that customers contact their operating system vendor for resolution.

VMware Workstation for Linux is an example of this type of product.

VMware Virtual Appliances

vSECR has determined that some virtual appliances are affected by CVE-2016-5195, but the severity of the issue varies widely from product to product. Affected products and remediation paths are announced in VMSA-2016-0018.

The following products have been determined to not be affected by CVE-2016-5195 even though they may ship with a vulnerable kernel. vSECR has evaluated these products and determined that exploitation is not possible because there is no valid attack vector to exploit the vulnerability. Automated vulnerability scanners may report that these products are vulnerable to CVE-2016-5195 even though the issue is not exploitable. These products will still be updating their respective kernels in scheduled maintenance releases as a precautionary measure. Again, if a specific version number is not listed next to a product entry, then that entry refers to all versions of that product.

VMware Access Point
VMware Hybrid Cloud Manager
VMware Infrastructure Navigator
VMware NSX
VMware vCenter Server Appliance
VMware vRealize Log Insight
VMware vRealize Orchestrator
VMware vSphere Replication