This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Dirty COW Vulnerability in Huawei Products

  • SA No:huawei-sa-20161207-01-dirtycow
  • Initial Release Date: 2016-12-07
  • Last Release Date: 2021-12-22

In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could exploit this vulnerability to gain write access to otherwise read-only memory mappings and thus obtain the highest privileges on the system. (Vulnerability ID: HWPSIRT-2016-10050)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5195.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en

产品名称

版本号

修复版本号

5288 V3

V100R003C00

V100R003C00SPC702

9032

V100R001C00

V100R001C00SPC205

V100R001C00SPC101

V100R001C00SPC200

AC6605

V200R006C00

v2r7c10

Agile Controller-Campus

V100R002C00

V100R002C10SPC405

V100R002C10

V100R002C10SPC400

V100R002C10SPC403

Austin

V100R001C10B290

V100R001C10B750SPC007

V100R001C10B680

V100R001C20B110

V100R001C20B210SPC005

V100R001C30

V100R001C30B256

V100R001C50

V100R001C50B090

BH620 V2

V100R002C00

V100R001C00SPC206

BH621 V2

V100R002C00

V100R002C00SPC403

BH622 V2

V100R002C00

V100R002C00SPC403

BH640 V2

V100R002C00

V100R002C00SPC403

Balong GU

V800R200C50B200

V800R200C52B300SPC005

V800R200C55B200

V800R200C55B355SPC001

Balong GUL

V700R110C30

V700R110C30B323

V700R110C31

V700R200C00

V700R200C00B317

V700R220C30

V700R220C30B233

V700R500C30

V700R500C30B325

V700R500C31

V700R500C31B187

CH121 V3

V100R001C00

V100R001C00SPC205

CH140 V3

V100R001C00

V100R001C00SPC126

CH220 V3

V100R001C00

V100R001C00SPC203

CH222 V3

V100R001C00

V100R001C00SPC205

CH225 V3

V100R001C00

V100R001C00SPC103

CH226 V3

V100R001C00

V100R001C00SPC125

Carrier-eLog

V200R003C10

elog V2R5C00SPC200

Chicago

V100R001C10

V100R001C10B505

CloudOpera CSM

SysTool(OSUpgrade)V200R016C10SPC100

CSM CSMV200R17C10SPC100

SysTool(OSUpgrade)V200R016C10SPC100B021

V200R016C10SPC600

Dallas

V100R001C10

V100R001C10B290SPC005

E5573

E5573s-320TCPU-V200R001B180D11SP00C00

E5573s-320TCPU-V200R001B323D05SP00C00

E5878s-32

E5878s-32TCPU-V200R001B280D01SP05C00

E5878s E5878s-32TCPU-V200R001B316D15SP00C00

E6000 Chassis

V100R001C00

V100R001C00SPC601

Enterprise Service Solution EIDC

V100R001C60

V100R001C60LHBM31

FusionCompute

V100R003C10SPC600

V100R006C10RC1

V100R005C00

V100R005C10

V100R005C10U1_B1075917

FusionCube

V100R002C60RC1

V100R002C60SPC100

FusionManager

FusionManager V100R005C00

FusionManager V100R006C00

FusionManager V100R005C10

V100R003C00

V100R006C00

V100R003C10

V100R005C00

V100R005C00SPC100

V100R005C00SPC200

V100R005C00SPC300

V100R005C10

V100R005C10SPC300

V100R005C10SPC500

V100R005C10SPC700

V100R005C10SPC703

V100R005C10SPC720T

V100R005C10U1_B1075133

V100R005C10U2

FusionSphere OpenStack

V100R005C00

V100R006C00SPC101

V100R005C10

V100R005C10SPC500

V100R005C10SPC700

V100R005C10U20

V100R005C10U30

V100R006C00

V100R006C00RC1

FusionStorage Block

V100R003C00

V100R003C30U2SPC001

V100R003C02

V100R003C30

FusionStorage Object

V100R002C00

V1R2C01LHWS02U1SPC1

V100R002C01

HiDPTAndroid

HiDPTAndroidV200R001C00

HiDPTAndroidV200R001SPC122

V300R001C00

HiDPTAndroidV300R001C01SPC050

HiSTBAndroid

HiSTBAndroidV600R003C00SPC010

HiSTBAndroidV600R003C00SPC020

Huawei solutions for SAP HANA

V100R001C00

V100R001C01SPC104

IPC6112-D

V100R001C10

IPC Module V200R003C00SPC100

IPC6122-D

V100R001C10

V100R001C10SPC306

IPC6611-Z30-I

V100R001C00

V100R001C00SPC306

KII-L21

KII-L21C02B131CUSTC02D002

KII-L21C02B140CUSTC02D001

KII-L21C10B130CUSTC10D003

KII-L21C10B150CUSTC10D003

KII-L21C10B140CUSTC10D004

KII-L21C185B130CUSTC185D002

KII-21 KII-21C185B150CUSTC185D001

KII-L21C185B140CUSTC185D004

KII-L21C185B310CUSTC185D004

KII-L21C185B321CUSTC185D001

KII-L21C464B130

KII-L21C464B140

KII-L21C629B130CUSTC629D004

KII-L21C629B140CUSTC629D001

KII-L21C636B130CUSTC636D002

KII-L21C636B160CUSTC636D001

KII-L21C636B140CUSTC636D004

KII-L21C636B150CUSTC636D005

KII-L21C636B310CUSTC636D001

KII-L21C636B330CUSTC636D002

KII-L21C636B320CUSTC636D001

KII-L21C900B122

KII-L21C900B130

KII-L21C96B130

KII-L21C96B140CUSTC96D004

OTA-KII-L21C02B131CUSTC02D002

OTA-KII-L21C02B140CUSTC02D001

OTA-KII-L21C185B140CUSTC185D004

OTA-KII-L21C185B150CUSTC185D001

OTA-KII-L21C185B310CUSTC185D004

KII-L21C185B321CUSTC185D001

OTA-KII-L21C636B140CUSTC636D004

OTA-KII-L21C636B160CUSTC636D001

OTA-KII-L21C636B310CUSTC636D001

KII-L21C636B330CUSTC636D002

OTA-KII-L21C636B320CUSTC636D001

OTA-KII-L21C636B330CUSTC636D002

L2800

V100R001C00SPC200

V100R001C00SPC301

LogCenter

V100R001C10

V1R1C20

OTA-

KII-L21C636B150CUSTC636D005

OTA-KII-L21 OTA-KII-L21C636B160CUSTC636D001

OceanStor Backup Software

V100R002C00

OceanStor BCManager V200R001C00SPC201B016

V100R002C00LHWS01_P385795

V100R002C00SPC200

V200R001C00

V200R001C00SPC200

OceanStor CSE

V100R001C01SPC103

V100R002C00LSFM01SPC109

V100R001C01SPC106

V100R001C01SPC109

V100R001C01SPC112

V100R002C00LSFM01CP0001

V100R002C00LSFM01SPC101

V100R002C00LSFM01SPC102

V100R002C00LSFM01SPC106

OceanStor HDP3500E

V100R002C00

HDP3500E V100R003C00SPC505

V100R003C00

OceanStor HVS85T

V100R001C00

V100R001C30SPC201

V100R001C10

V100R001C30

OceanStor N8500

V200R001C09

OceanStor BCManager V200R001C00SPC201

V200R001C91

V200R001C91SPC900

OceanStor Onebox

V100R003C10

OceanStor CSE V100R002C00LSFM01SPC109

OceanStor ReplicationDirector

V200R001C00

OceanStor BCManager V200R001C00SPC201B013

Onebox Solution

V100R005C00

OceanStor CSE V100R002C00LSFM01SPC109

V1R5C00RC2

RH1288 V2

V100R002C00

V100R002C00SPC611

RH1288 V3

V100R003C00

V100R003C00SPC622

RH1288A V2

V100R002C00

V100R002C00SPC716

RH2285 V2

V100R002C00

V100R002C00SPC505

RH2285H V2

V100R002C00

V100R002C00SPC606

RH2288 V2

V100R002C00

V100R002C00SPC606

RH2288 V3

V100R003C00

V100R003C00SPC622

RH2288A V2

V100R002C00

V100R002C00SPC716

RH2288E V2

V100R002C00

V100R002C00SPC300

RH2288H V2

V100R002C00

V100R002C00SPC710

RH2288H V3

V100R003C00

V100R003C00SPC530

RH2485 V2

V100R002C00

V100R002C00SPC700

RH5885 V3

V100R003C01

V100R003C01SPC119

V100R003C10

V100R003C10SPC109

RH5885H V3

V100R003C00

V100R003C00SPC206

V100R003C10

V100R003C10SPC105

RH8100 V3

V100R003C00

V100R003C00SPC213

SMU(02B)

V300R002C10

SMU V500R002C20SPC961

V300R002C20

V300R003C00

V300R003C10

V300R003C91

V300R003C93

V500R001C00

V500R001C10

V500R001C20

SMU(02C)

V500R001C20

SMU V500R003C00SPC031

V500R001C30

V500R001C50

V500R001C60

V500R002C00

V500R002C10

V500R002C20

V500R002C30

V500R002C50

SMU(02S)

V500R001C50

SMU V500R003C00SPC031

V500R001C60

V500R002C00

V500R002C10

V500R002C20

V500R002C30

UPS2000

V100R001C00

V100R021C92SPC050

V100R001C10

V100R001C34

V100R002C02

V200R001C01

V200R001C31

UPS5000

V100R001C00

V100R003C01SPC408

V100R001C08

V100R001C10

V100R001C37

V100R001C39

V100R002C00

V100R003C01SPC410

V100R002C04

V100R003C01SPC408

V100R002C11

V100R003C01SPC410

V100R002C15

V100R003C01SPC408

V100R002C34

V100R002C41

V100R002C41SPC601

V100R003C00

V100R003C01SPC408

V100R003C01

V100R003C03

V300R001C90

V300R002C00

V100R002C41SPC601

V1300N

V100R002C02

VCN3010 V100R002C50

VCM

V100R001C00

VCM5010 V100R002C50

V100R001C10

V100R001C20

X6000

V100R002C00

XH621 V2 V100R001C00SPC300     XH310 V2 V100R001C00SPC301    XH311 V2 V100R001C00SPC301    XH320 V2 V100R001C00SPC300  XH321 V2 V100R002C00SPC503  XH310 V3 V100R003C00SPC600

X6800

V100R003C00

XH620 V3 V100R003C00SPC615

eA680-208

V100R001C00

V100R001C00SPC100

eCloud CC

V100R001C01LSHU01

V100R001C01LPAT14

eLog

V200R003C10

elog V2R5C00SPC200

V200R003C20

eOMC910

V100R003C00

eOMC910_TD V100R003C00SPC200

eSight

V300R003C20

V300R003C20CP0062

V300R005C00SPC200

eSight Network

V300R006C00

V300R006C00SPC501

V300R007C00

V300R007C00SPC100

eSpace 8950

V200R003C00

V200R003C00SPCf00

eSpace IPC

V100R001C21

IPC6325-WD-VR V200R002C20SPC200

V200R001C01

V200R001C02

eSpace VCN3000

V100R001C01

VCN3010 V100R002C50

V100R002C00

V100R002C10

V100R002C20

iBattery

iBattery_V276

iBattery_V297B014 included in UPS5000 V300R002C10SPC401

iBattery_V281

iBattery_V285

iBattery_V286

iBattery_V289

inCloud Eye

V200R001C21

V2R1C30U1

ECC800

V100R001C10

ECC800 V100R002C00SPC200

V100R001C10SPC100

ECC500

V600R002C00

V600R002C00SPC200T

V600R002C00SPC300

V600R002C00SPC300T




An attacker can exploit this vulnerability to escalate the privilege levels to obtain administrator privilege.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Temporal Score: 7.2 (E:F/RL:O/RC:C)

1.This vulnerability can be exploited only when the following conditions are present:

Local low level user access to the device

2.Vulnerability details:

Please refer to this link:

https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

This vulnerability was discovered by Phil Oester.

2021-12-22 V1.7 UPDATED Updated the "Software Versions and Fixes" section
2021-01-20 V1.6 UPDATED Updated the "Software Versions and Fixes" section
2020-06-24 V1.5 UPDATED Updated the "Software Versions and Fixes" section
2017-05-31 V1.4 UPDATED Updated the "Software Versions and Fixes" section
2017-02-22 V1.3 UPDATED Updated the "Software Versions and Fixes" section
2017-01-18 V1.2 UPDATED Updated the "Software Versions and Fixes" section
2016-12-21 V1.1 UPDATED Updated the "Software Versions and Fixes" section
2016-12-07 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.