Update on Dec 01, 2016:
Oracle has provided a solution for the "Dirty COW" (CVE-2016-5195) on Exadata - which is delivered as a complete patch 18.104.22.168.3.161109
It is important to apply 22.214.171.124.3 with the 161109 build date as there were earlier build dates for this release and they do not resolve the "Dirty COW" vulnerability.
Exadata 126.96.36.199.3 release and patch (24441458) (Doc ID 2181366.1)
See Note 1270094.1 for additional fixes that address critical issues.
|188.8.131.52.3||Patch 24441458 - Storage server and InfiniBand switch software (184.108.40.206.3.161109)|
Patch 24669306 - Database server bare metal / domU ULN exadata_dbserver_220.127.116.11.3_x86_64_base OL6 channel ISO image (18.104.22.168.3.161109)
Patch 24669307 - Database server dom0 ULN exadata_dbserver_dom0_22.214.171.124.3_x86_64_base OVM3 channel ISO image (126.96.36.199.3.161109)
Supplemental README Note 2181366.1
188.8.131.52.3 was updated from 184.108.40.206.3.161013 to 220.127.116.11.3.161109 to include important fixes. See the fix list in patch 24441458 for details.
Original article below
Since almost all Exadata, Exalogic and ZDLRA machines in the world are running on Oracle Linux they could be vulnerable to the CVE-2016-5195 which exploits access elevation during Copy On Write operations - hence the Dirty COW nickname.
This vulnerability became widely known in mid-October 2016 and according to the sources like Risk Assessment | Ars Technica UK the current state of the appropriate patch development is as following:
"The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important.""
The dangers of this vulnerability is also described on Risk Assessment | Ars Technica UK as following
"As their names describe, privilege-escalation or privilege-elevation vulnerabilities allow attackers with only limited access to a targeted computer to gain much greater control. The exploits can be used against Web hosting providers that provide shell access, so that one customer can attack other customers or even service administrators. Privilege-escalation exploits can also be combined with attacks that target other vulnerabilities. A SQL injection weakness in a website, for instance, often allows attackers to run malicious code only as an untrusted user. Combined with an escalation exploit, however, such attacks can often achieve highly coveted root status."
Oracle has already categorized this vulnerability as of October 21, 2016 and RPMs that include the fix for this CVE have been released as well.
Please refer to this page to get up to the minute update (and the patched RPMs) for this vulnerability linux.oracle.com | CVE-2016-5195
Depending on your Exadata bundle patch level the Oracle Linux kernel version would either 6 (hopefully ) or 5, so please look for the appropriate errata links on the page above.
Update on 10/27:
The main page that tracks this vulnerability linux.oracle.com | CVE-2016-5195 is getting more updates pretty much daily now.
Updated RPMs that are mentioned there you could be found at https://oss.oracle.com/sources/ under the Oracle 5 or Oracle 6 links.
Additionally, for the current Exadata, Exalogic and ZDLRA patch levels , which assumes OEL 6, the following MOS document could be used as wellff
Oracle Linux 6: Reference Index of Security Vulnerability Bug fixes, CVE IDs and Oracle Linux Errata (Doc ID 2112930.1)
Customers may find status of fixes for CVEs for Oracle Linux through our Unbreakable Linux Network (ULN). Please refer to Oracle Support Document 1593465.1 "Unbreakable Linux Network (ULN) Administrative Features for Errata and CVEs"
This listing is sorted by the date of publication by Oracle.
|Errata Date||Component||CVE ID||Errata|
|25-Oct-2016||Kernel-2.6.32||CVE-2016-5195 (dirty COW)||ELSA-2016-2105|
|21-Oct-2016||Kernel-UEK-2.6.39||CVE-2016-5195 (dirty COW)||ELSA-2016-3634|
|21-Oct-2016||Kernel-UEK-3.8.13||CVE-2016-5195 (dirty COW)||ELSA-2016-3633|
|21-Oct-2016||Kernel-UEK-4.1.12||CVE-2016-5195 (dirty COW)||ELSA-2016-3632|