VMSA-2016-0018

VMSA-2016-0018

This post was originally published on this site ---

--- This is a critical security advisory from VMware (VMSA) ---

Greetings from the VMware Security Response Center!

Today we released VMSA-2016-0018 which documents products affected by CVE-2016-5195 – aka: the ‘Dirty COW’ vulnerability. In addition, we have also released Knowledge Base Article 2147515 which documents unaffected products.

There are a few points I’d like to make about our evaluation of this issue and its effect on our products.

We have classified the severity of this issue as ‘Important’ in accordance with our Security Response Policy.

There are 2 requirements that must be met for a product to be considered affected by CVE-2016-5195:

  1. The product must ship with a vulnerable Linux kernel.
  2. There must be a valid attack vector that can be used to exploit the vulnerability.

During our evaluations we found that VMware appliances do indeed ship with a vulnerable Linux kernel and met requirement 1. However, only a select few of these appliances met requirement 2. and are therefore considered affected. These affected products as well as remediation information is documented in VMSA-2016-0018 which will be updated as more fixes become available.

Also, we understand that various automated vulnerability scanners will most likely flag products we have listed as unaffected in KB 2147515 as affected. We want to make it clear that while these products are not affected, we will still be rolling out kernel updates for them in maintenance releases as a precautionary measure.

Please sign up to be notified when new and updated VMSAs are released on the right-side of this page as we will be updating VMSA-2016-0018 over the next few weeks.

That’s it for now.

Drop us a line at security@vmware.com if you have any questions on the vulnerability or advisory.

The post VMSA-2016-0018 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *