Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Entry № 360

Dirty COW (CVE-2016-5195)

Reviewed byCybersecurity entrepreneur & security researcher

What is Dirty COW (CVE-2016-5195)?

Dirty COW (CVE-2016-5195)A 2016 Linux kernel race condition in the copy-on-write handling of memory mappings that lets a local user gain root by writing to read-only files.


Dirty COW (CVE-2016-5195) is a race condition in the Linux kernel's memory subsystem that affected most kernel versions from 2007 through 2016. An attacker repeatedly races the kernel's copy-on-write logic against a madvise/MADV_DONTNEED call, eventually causing a write to a private mapping to land in the underlying read-only file. Combined with writable suid binaries or /etc/passwd, this yields reliable local privilege escalation to root. The flaw affected servers, desktops, embedded devices and Android, and was used in real attacks (including the ZNIU Android malware). Defences: upgrade to a kernel containing the fix (4.8.3, 4.7.9, 4.4.26 or later distribution patch), and on Android install the November 2016 security level.

Examples

  1. 01

    Local user overwriting /etc/passwd to add a root account via Dirty COW.

  2. 02

    ZNIU Android malware using Dirty COW to root devices and install a backdoor.

Frequently asked questions

What is Dirty COW (CVE-2016-5195)?

A 2016 Linux kernel race condition in the copy-on-write handling of memory mappings that lets a local user gain root by writing to read-only files. It belongs to the Vulnerabilities category of cybersecurity.

What does Dirty COW (CVE-2016-5195) mean?

A 2016 Linux kernel race condition in the copy-on-write handling of memory mappings that lets a local user gain root by writing to read-only files.

How do you defend against Dirty COW (CVE-2016-5195)?

Defences for Dirty COW (CVE-2016-5195) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Dirty COW (CVE-2016-5195)?

Common alternative names include: CVE-2016-5195, Linux COW race.

Related terms