[Security] - Consumer AP's and DirtyCOW

[sfx2000]

Expect a round of firmware updates to sort the Copy on Write Bug... devices with WebGUI's and dnsmasq do have some concern here. The patch to the kernel is simple enough, but QA testing might take some time - I'd advise contacting the OEM for details for factory firmware.

Third-Party FW might be ahead of the OEM's in this regard.

Anyways, because of the monolithic nature of most consumer AP firmware, they'll have to do a full image, rather than just patch the kernel itself...

(most linux desktop distro's, and even RasbPI have issued updates, and this doesn't impact BSD oriented devices like the Airport series or the BSD based pfSense)

For Android and ChromeOS devices - it's an issue, and there, it's the same as consumer AP's as this is a kernel bug... again, seek advice from OEM's

 

[RMerlin]

Third-Party FW might be ahead of the OEM's in this regard.

merlin@ubuntu-dev:~/asuswrt$ git log --grep "CVE-2016-5195"
commit f9aa712b43c36a7817f92d7e3cf31ca5a9ad077c
Author: Joseph A. Yasi <joe.yasi@gmail.com>
Date:   Sat Oct 22 00:17:37 2016 -0400

    kernel-mips: Patch the 2.6.22.19 kernel against CVE-2016-5195
 
    Add FOLL_FORCE and FOLL_COW flags.
    Backport fix from 3.2.83

commit 7a95789b39633bb660a234247fbf5292eacd68bd
Author: blackfuel <blackfuel@hmamail.com>
Date:   Fri Oct 21 16:39:03 2016 -0400

    kernel-arm: Patched all three 2.6.36 kernels against CVE-2016-5195 (Closes #1066)

The risk is quite minimal on typical home gateways however, since they already run most services as UID 1...