www.huawei.com
Open in
urlscan Pro
2a02:26f0:6c00:29e::2c15
Public Scan
Submitted URL: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
Effective URL: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
Submission: On November 25 via api from PL — Scanned from DE
Effective URL: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
Submission: On November 25 via api from PL — Scanned from DE
Form analysis 1 forms found in the DOM
POST /en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
<form method="post" action="/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en" id="form1">
<div class="aspNetHidden">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="obyfklN5KTCE+RPyVTYpcF9lobkkknXvsdBAkm87C1BN0veqkzgelp0y1bwBNeZSVMy5Rq2Zf3JCBUT+RkBzGR37nLx3bUt13x8scxucYHXBPCN/j0EXmOQ0KKpdisC7bm0z5g==">
</div>
</form>Text Content
This site uses cookies. By continuing to browse the site you are agreeing to our
use of cookies. Read our privacy policy
Corporate Worldwide Log in My Huawei Log out
Back to Main Menu
Huawei Websites
Corporate Corporate news and information Consumer Phones, laptops, tablets,
wearables & other devices Enterprise Enterprise products, solutions & services
Carrier Products, solutions & services for carrier networks Huawei Cloud Cloud
products, solutions & services
SELECT A COUNTRY OR REGION
* Australia - English
* Belarus - Pусский
* Brazil - Portuguese
* Canada - English
* China - 简体中文
* France - Français
* Germany - Deutsch
* Ireland - English
* Italy - Italiano
* Japan - 日本語
* Kazakstan - Pусский
* Kenya - English
* Korea - 한국어
* Malaysia - English
* Mexico - Español
* New Zealand - English
* Netherlands - Dutch
* Romania - Română
* Russia - Pусский
* South Africa - English
* Spain - Español
* Switzerland - English
* Thailand - ภาษาไทย
* Turkey - Türkiye
* Ukraine - Українська
* United Kingdom - English
* United States - English
* Uzbekistan - Pусский
* Uzbekistan - O’zbek
* Vietnam - Tiếng Việt
* Global- English
Toggle Navigation
* Consumer Products
Back to Main Menu
Consumer Products
* Phones
* Laptops
* Tablets
* Wearables
* Audio
* Routers
* EMUI
* Accessories
* All Products
Consumer Website
* Business Products
Back to Main Menu
Business Products
PRODUCTS
CONNECTIVITY
* Carrier Network
* Enterprise Wireless
* Enterprise Networking
* Enterprise Optical Transmission & Access
CLOUD & COMPUTING
* Huawei Cloud
* Intelligent Computing
* Data Storage
* Intelligent Vision
* Intelligent Collaboration
* Ascend Computing
SERVICES
* Services & Software for Carrier Networks
* Smart Services for Enterprises
* Huawei Cloud Migration Service
INDUSTRY SOLUTIONS
* Industry Solutions by Huawei Cloud
* Telecommunications
* Smart City
* Education
* Finance
* Internet Service Provider
* Manufacturing
* See More
Enterprise Website
Carrier Website
Huawei Cloud Website
* Support
Back to Main Menu
Support
CONSUMER SUPPORT
* Find Service Center
* Product Support
* Product Environmental Information
* Call Us
* Email Us
* See More
HUAWEI CLOUD SUPPORT
* Self Service
* Service Assurance
* Support Plans
* Public Notices
* Feedback
* See More
ENTERPRISE SUPPORT
* Online Support
* Product Support
* Software Download
* Community
* Tools
* See More
CARRIER SUPPORT
* Product Support
* Group Space
* Bulletins
* Documentation Express
* HedEx Lite
* See More
* Partners & Developers
Back to Main Menu
Partners & Developers
PARTNERS
* Become Partner
* Find a Partner
* Enterprise Marketplace
* Huawei Cloud Marketplace
* Technical Certification
* Become Consumer Products Partner
* See More
TRAINING & CERTIFICATION
* Learning
* Huawei Certification
* Enterprise Training
* ICT Academy
* HUAWEI CLOUD Academy
* See More
CLOUD & AI DEVELOPERS
* Huawei Cloud
* Ascend
MOBILE DEVELOPERS
* Develop
* Distribute
* Monetize
* Developer Forum
* Programs
* See More
* About Huawei
Back to Main Menu
About Huawei
ABOUT US
* Our Company
* Annual Reports
* Corporate Governance
* Compliance and Integrity
* Executives
* Careers
* Sustainability
* Trust Center
* Industry Analysts
* Bond Investors
* Public Policy
* Suppliers
NEWS & EVENTS
* News
* Events
* Gallery
* Huawei Facts
EXPLORE MORE
* Huawei Technology
* Publications
* Huawei Blog
* Buy
Back to Main Menu
Buy
* Huawei Cloud
Hot Search
* Huawei Mate 40 Pro
* 5G
* Matebook
* HiSuite
* Tablet
* p50
* Watch
Buy
* Huawei Cloud
SEARCH HISTORY
Hot Search
* Huawei Mate 40 Pro
* 5G
* Matebook
* HiSuite
* Tablet
* p50
* Watch
SECURITY ADVISORY - DIRTY COW VULNERABILITY IN HUAWEI PRODUCTS
* SA No:huawei-sa-20161207-01-dirtycow
* Initial Release Date: Dec 07, 2016
* Last Release Date: Jan 20, 2021
Summary
In the morning of October 21th, 2016, a security researcher Phil Oester
disclosed a local privilege escalation vulnerability in Linux kernel.
A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged local user could exploit this vulnerability to gain write access
to otherwise read-only memory mappings and thus obtain the highest privileges on
the system. (Vulnerability ID: HWPSIRT-2016-10050)
This vulnerability has been assigned a Common Vulnerabilities and Exposures
(CVE) ID: CVE-2016-5195.
Huawei has released software updates to fix this vulnerability. This advisory is
available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
Software Versions and Fixes
Product Name
Affected Version
Resolved Product and Version
5288 V3
V100R003C00
V100R003C00SPC702
9032
V100R001C00
V100R001C00SPC205
V100R001C00SPC101
V100R001C00SPC200
AC6605
V200R006C00
v2r7c10
Agile Controller-Campus
V100R002C00
V100R002C10SPC405
V100R002C10
V100R002C10SPC400
V100R002C10SPC403
Austin
V100R001C10B290
V100R001C10B750SPC007
V100R001C10B680
V100R001C20B110
V100R001C20B210SPC005
V100R001C30
V100R001C30B256
V100R001C50
V100R001C50B090
BH620 V2
V100R002C00
V100R001C00SPC206
BH621 V2
V100R002C00
V100R002C00SPC403
BH622 V2
V100R002C00
V100R002C00SPC403
BH640 V2
V100R002C00
V100R002C00SPC403
Balong GU
V800R200C50B200
V800R200C52B300SPC005
V800R200C55B200
V800R200C55B355SPC001
Balong GUL
V700R110C30
V700R110C30B323
V700R110C31
V700R200C00
V700R200C00B317
V700R220C30
V700R220C30B233
V700R500C30
V700R500C30B325
V700R500C31
V700R500C31B187
CH121 V3
V100R001C00
V100R001C00SPC205
CH140 V3
V100R001C00
V100R001C00SPC126
CH220 V3
V100R001C00
V100R001C00SPC203
CH222 V3
V100R001C00
V100R001C00SPC205
CH225 V3
V100R001C00
V100R001C00SPC103
CH226 V3
V100R001C00
V100R001C00SPC125
Carrier-eLog
V200R003C10
elog V2R5C00SPC200
Chicago
V100R001C10
V100R001C10B505
CloudOpera CSM
SysTool(OSUpgrade)V200R016C10SPC100
CSM CSMV200R17C10SPC100
SysTool(OSUpgrade)V200R016C10SPC100B021
V200R016C10SPC600
Dallas
V100R001C10
V100R001C10B290SPC005
E5573
E5573s-320TCPU-V200R001B180D11SP00C00
E5573s-320TCPU-V200R001B323D05SP00C00
E5878s-32
E5878s-32TCPU-V200R001B280D01SP05C00
E5878s E5878s-32TCPU-V200R001B316D15SP00C00
E6000 Chassis
V100R001C00
V100R001C00SPC601
Enterprise Service Solution EIDC
V100R001C60
V100R001C60LHBM31
FusionCompute
V100R003C10SPC600
V100R006C10RC1
V100R005C00
V100R005C10
V100R005C10U1_B1075917
FusionCube
V100R002C60RC1
V100R002C60SPC100
FusionManager
FusionManager V100R005C00
FusionManager V100R006C00
FusionManager V100R005C10
V100R003C00
V100R006C00
V100R003C10
V100R005C00
V100R005C00SPC100
V100R005C00SPC200
V100R005C00SPC300
V100R005C10
V100R005C10SPC300
V100R005C10SPC500
V100R005C10SPC700
V100R005C10SPC703
V100R005C10SPC720T
V100R005C10U1_B1075133
V100R005C10U2
FusionSphere OpenStack
V100R005C00
V100R006C00SPC101
V100R005C10
V100R005C10SPC500
V100R005C10SPC700
V100R005C10U20
V100R005C10U30
V100R006C00
V100R006C00RC1
FusionStorage Block
V100R003C00
V100R003C30U2SPC001
V100R003C02
V100R003C30
FusionStorage Object
V100R002C00
V1R2C01LHWS02U1SPC1
V100R002C01
HiDPTAndroid
HiDPTAndroidV200R001C00
HiDPTAndroidV200R001SPC122
V300R001C00
HiDPTAndroidV300R001C01SPC050
HiSTBAndroid
HiSTBAndroidV600R003C00SPC010
HiSTBAndroidV600R003C00SPC020
Huawei solutions for SAP HANA
V100R001C00
V100R001C01SPC104
IPC6112-D
V100R001C10
IPC Module V200R003C00SPC100
IPC6122-D
V100R001C10
V100R001C10SPC306
IPC6611-Z30-I
V100R001C00
V100R001C00SPC306
KII-L21
KII-L21C02B131CUSTC02D002
KII-L21C02B140CUSTC02D001
KII-L21C10B130CUSTC10D003
KII-L21C10B150CUSTC10D003
KII-L21C10B140CUSTC10D004
KII-L21C185B130CUSTC185D002
KII-21 KII-21C185B150CUSTC185D001
KII-L21C185B140CUSTC185D004
KII-L21C185B310CUSTC185D004
KII-L21C185B321CUSTC185D001
KII-L21C464B130
KII-L21C464B140
KII-L21C629B130CUSTC629D004
KII-L21C629B140CUSTC629D001
KII-L21C636B130CUSTC636D002
KII-L21C636B160CUSTC636D001
KII-L21C636B140CUSTC636D004
KII-L21C636B150CUSTC636D005
KII-L21C636B310CUSTC636D001
KII-L21C636B330CUSTC636D002
KII-L21C636B320CUSTC636D001
KII-L21C900B122
KII-L21C900B130
KII-L21C96B130
KII-L21C96B140CUSTC96D004
OTA-KII-L21C02B131CUSTC02D002
OTA-KII-L21C02B140CUSTC02D001
OTA-KII-L21C185B140CUSTC185D004
OTA-KII-L21C185B150CUSTC185D001
OTA-KII-L21C185B310CUSTC185D004
KII-L21C185B321CUSTC185D001
OTA-KII-L21C636B140CUSTC636D004
OTA-KII-L21C636B160CUSTC636D001
OTA-KII-L21C636B310CUSTC636D001
KII-L21C636B330CUSTC636D002
OTA-KII-L21C636B320CUSTC636D001
OTA-KII-L21C636B330CUSTC636D002
L2800
V100R001C00SPC200
V100R001C00SPC301
LogCenter
V100R001C10
V1R1C20
OTA-
KII-L21C636B150CUSTC636D005
OTA-KII-L21 OTA-KII-L21C636B160CUSTC636D001
OceanStor Backup Software
V100R002C00
OceanStor BCManager V200R001C00SPC201B016
V100R002C00LHWS01_P385795
V100R002C00SPC200
V200R001C00
V200R001C00SPC200
OceanStor CSE
V100R001C01SPC103
V100R002C00LSFM01SPC109
V100R001C01SPC106
V100R001C01SPC109
V100R001C01SPC112
V100R002C00LSFM01CP0001
V100R002C00LSFM01SPC101
V100R002C00LSFM01SPC102
V100R002C00LSFM01SPC106
OceanStor HDP3500E
V100R002C00
HDP3500E V100R003C00SPC505
V100R003C00
OceanStor HVS85T
V100R001C00
V100R001C30SPC201
V100R001C10
V100R001C30
OceanStor N8500
V200R001C09
OceanStor BCManager V200R001C00SPC201
V200R001C91
V200R001C91SPC900
OceanStor Onebox
V100R003C10
OceanStor CSE V100R002C00LSFM01SPC109
OceanStor ReplicationDirector
V200R001C00
OceanStor BCManager V200R001C00SPC201B013
Onebox Solution
V100R005C00
OceanStor CSE V100R002C00LSFM01SPC109
V1R5C00RC2
RH1288 V2
V100R002C00
V100R002C00SPC611
RH1288 V3
V100R003C00
V100R003C00SPC622
RH1288A V2
V100R002C00
V100R002C00SPC716
RH2285 V2
V100R002C00
V100R002C00SPC505
RH2285H V2
V100R002C00
V100R002C00SPC606
RH2288 V2
V100R002C00
V100R002C00SPC606
RH2288 V3
V100R003C00
V100R003C00SPC622
RH2288A V2
V100R002C00
V100R002C00SPC716
RH2288E V2
V100R002C00
V100R002C00SPC300
RH2288H V2
V100R002C00
V100R002C00SPC710
RH2288H V3
V100R003C00
V100R003C00SPC530
RH2485 V2
V100R002C00
V100R002C00SPC700
RH5885 V3
V100R003C01
V100R003C01SPC119
V100R003C10
V100R003C10SPC109
RH5885H V3
V100R003C00
V100R003C00SPC206
V100R003C10
V100R003C10SPC105
RH8100 V3
V100R003C00
V100R003C00SPC213
SMU(02B)
V300R002C10
SMU V500R002C20SPC961
V300R002C20
V300R003C00
V300R003C10
V300R003C91
V300R003C93
V500R001C00
V500R001C10
V500R001C20
SMU(02C)
V500R001C20
SMU V500R003C00SPC031
V500R001C30
V500R001C50
V500R001C60
V500R002C00
V500R002C10
V500R002C20
V500R002C30
V500R002C50
SMU(02S)
V500R001C50
SMU V500R003C00SPC031
V500R001C60
V500R002C00
V500R002C10
V500R002C20
V500R002C30
UPS2000
V100R001C00
V100R021C92SPC050
V100R001C10
V100R001C34
V100R002C02
V200R001C01
V200R001C31
UPS5000
V100R001C00
V100R003C01SPC408
V100R001C08
V100R001C10
V100R001C37
V100R001C39
V100R002C00
V100R003C01SPC410
V100R002C04
V100R003C01SPC408
V100R002C11
V100R003C01SPC410
V100R002C15
V100R003C01SPC408
V100R002C34
V100R002C41
V100R002C41SPC601
V100R003C00
V100R003C01SPC408
V100R003C01
V100R003C03
V300R001C90
V300R002C00
V100R002C41SPC601
V1300N
V100R002C02
VCN3010 V100R002C50
VCM
V100R001C00
VCM5010 V100R002C50
V100R001C10
V100R001C20
X6000
V100R002C00
XH621 V2 V100R001C00SPC300 XH310 V2 V100R001C00SPC301 XH311 V2
V100R001C00SPC301 XH320 V2 V100R001C00SPC300 XH321 V2 V100R002C00SPC503
XH310 V3 V100R003C00SPC600
X6800
V100R003C00
XH620 V3 V100R003C00SPC615
eA680-208
V100R001C00
V100R001C00SPC100
eCloud CC
V100R001C01LSHU01
V100R001C01LPAT14
eLog
V200R003C10
elog V2R5C00SPC200
V200R003C20
eOMC910
V100R003C00
eOMC910_TD V100R003C00SPC200
eSight
V300R003C20
V300R003C20CP0062
V300R005C00SPC200
eSight Network
V300R006C00
V300R006C00SPC501
V300R007C00
V300R007C00SPC100
eSpace 8950
V200R003C00
V200R003C00SPCf00
eSpace IPC
V100R001C21
IPC6325-WD-VR V200R002C20SPC200
V200R001C01
V200R001C02
eSpace VCN3000
V100R001C01
VCN3010 V100R002C50
V100R002C00
V100R002C10
V100R002C20
iBattery
iBattery_V276
iBattery_V297B014 included in UPS5000 V300R002C10SPC401
iBattery_V281
iBattery_V285
iBattery_V286
iBattery_V289
inCloud Eye
V200R001C21
V2R1C30U1
Impact
An attacker can exploit this vulnerability to escalate the privilege levels to
obtain administrator privilege.
Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv3 scoring
system (http://www.first.org/cvss/specification-document).
Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.2 (E:F/RL:O/RC:C)
Technique Details
1.This vulnerability can be exploited only when the following conditions are
present:
Local low level user access to the device
2.Vulnerability details:
Please refer to this link:
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Temporary Fix
None
Obtaining Fixed Software
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to
request the upgrades. For TAC contact information, please refer to Huawei
worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
Source
This vulnerability was discovered by Phil Oester.
Revision History
2021-01-20 V1.6 UPDATED Updated the "Software Versions and Fixes" section
2020-06-24 V1.5 UPDATED Updated the "Software Versions and Fixes" section
2017-05-31 V1.4 UPDATED Updated the "Software Versions and Fixes" section
2017-02-22 V1.3 UPDATED Updated the "Software Versions and Fixes" section
2017-01-18 V1.2 UPDATED Updated the "Software Versions and Fixes" section
2016-12-21 V1.1 UPDATED Updated the "Software Versions and Fixes" section
2016-12-07 V1.0 INITIAL
FAQs
None
Huawei Security Procedures
Huawei adheres to protecting the ultimate interests of users with best efforts
and the principle of responsible disclosure and deal with product security
issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability
information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send
it to PSIRT@huawei.com. For details, please visit
http://www.huawei.com/en/psirt/report-vulnerabilities.
Declaration
This document is provided on an "AS IS" basis and does not imply any kind of
guarantee or warranty, either express or implied, including the warranties of
merchantability or fitness for a particular purpose. In no event shall Huawei or
any of its directly or indirectly controlled subsidiaries or its suppliers be
liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages. Your use of the
document, by whatsoever means, will be totally at your own risk. Huawei is
entitled to amend or update this document from time to time.
ONLINE SERVICES
CONSUMER PRODUCTS
Gobal Service Hotline
Local Website
HUAWEI CLOUD
Sales: +852-800-931-122
Chatbot
ENTERPRISE
Global Service Hotline
Online Chat
CARRIER NETWORK
Global Service Hotline
Chatbot (iKnow)
All Contacts
Home /PSIRT /Security Advisories
ABOUT HUAWEI
* Our Company
* Sustainability
* Trust Center
* Executives
* Careers
* Suppliers
* See More
NEWS & EVENTS
* News
* Events
* Gallery
* Huawei Facts
EXPLORE HUAWEI
* Huawei Technology
* Publications
* Huawei Blog
PRODUCTS
* Consumer
* Enterprise
* Carrier
* Huawei Cloud
SUPPORT
* Consumer Support
* Huawei Cloud Support
* Enterprise Support
* Carrier Support
* Security Bulletins
* Huawei Cloud
* FusionSolar Smart PV
*
*
*
*
*
©2021 Huawei Technologies Co., Ltd.
* Contact
* Terms of Use
* Privacy
* Cookies