LINUX SECURITY VULNERABILITY RESPONSE INFORMATION

Dirty COW

Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.

Affected Products

The latest reported common Linux kernel vulnerability, CVE-2016-5195, also referred to as Dirty COW, has been addressed by the Security Response Team.

With this vulnerability, a regular system user can perform a local privilege escalation and become root. This may, for instance, expose read-only files to modification by users who have no write permission.

The following Wind River Linux versions are affected:

  • Linux 8
  • Linux 7
  • Linux 6
  • Linux 5

Customers not on the latest version of software may be vulnerable and should contact Wind River Customer Support or their local Wind River representative for information regarding a fix for their version.

Further information can be found at https://dirtycow.ninja/.

REMEDIATION

Wind River has released hot patches for all affected Wind River Linux versions*.

The following is a list of Wind River products and their vulnerability status for CVE-2016-5195.

Product | Vulnerable | Version | Remediation

*You need an account to access the Knowledge Library. If you don't have a valid Knowledge Library account, please contact local customer support.

Malicious attacks can make you accountable for financial and reputational losses. Security coverage from an established and trusted vendor will keep your plan relevant in the ever-changing open source world.

We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network.

You Can’t Afford a Security Breach

This is just one of the more than 6,000 security vulnerabilities that our Security Response Team analyzes annually, and one of the more than 1,000 each year for which we have produced a fix and rolled it out to all of our current customers.

Our support and maintenance practices and processes provide the most tangible proof of value when choosing Wind River products. Based on our years of industry experience and embedded software expertise, our programs are tailored to cost-effectively maintain your embedded software throughout its lifecycle. See our maintenance page for more details.

Customers are urged to keep their support and maintenance contracts current, and to install the latest available updates to their installed products. If you don’t know if your support and maintenance contract is current, make sure to contact your Wind River representative.