VMware cleans up after Dirty COW's droppings
Identity Manager and vRealize users, get patching. Or praying
VMware's received an unwelcome deposit from the Dirty COW Linux kernel local privilege escalation vulnerability.
As revealed in a new security advisory, “The Linux kernel which ships with the base operating system of VMware Appliances contains a race condition in the way its memory subsystem handles copy-on-write (aka “Dirty COW”).”
“Successful exploitation of the vulnerability may allow for local privilege escalation.”
VMware Identity Manager 2.x has the problem, as does vRealize Automation 6.x and 7.x.
vRealize Operations 5.x through 6.3 on Windows, Linux and virtual appliances also also needs a fix. Versions 6.03 through 6.30 have fixes explained in their own knowledge base articles listed at the advisory we've linked to above.
All the other products we've mentioned have patches pending.
News of Dirty COW's droppings in its products is VMware's 18th security advisory for the calendar year, a small number compared to software rivals. VMware can also point to just two impacting vCenter and one ESXi, with the rest impacting less-critical products.
The Dirty COW problem is rated “Important”, so between the imminent delivery of patches for some software and the severity rating, vAdmins will probably have this weekend free to ponder Donald Trump's America. ®