Palo Alto Networks Security Advisories / CVE-2016-5195

CVE-2016-5195 Kernel Vulnerability

Severity 7.8 · HIGH
Attack Vector LOCAL
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH


A vulnerability exists in the kernel of PAN-OS that may result in an elevation of privilege. This issue is publicly known as Dirty COW (ref # PAN-68074 / CVE-2016-5195).

PAN-OS may be impacted by the Dirty COW (CVE-2016-5195) attack. A race condition was found in the way the Linux kernel's memory subsystem handles the copy-on-write breakage of private read-only memory mappings. An attacker would first require access to a shell on the device before they could use this exploit. Shell access is significantly restricted on the device. The Command Line Interface (CLI) is not shell access and therefore this issue cannot be exploited by the CLI.

This issue affects PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1, PAN-OS 7.0.13, PAN-OS 7.1.7 and earlier

Product Status

PAN-OS 7.1<= 7.1.7>= 7.1.8
PAN-OS 7.0<= 7.0.13>= 7.0.14
PAN-OS 6.16.1.*
PAN-OS 6.06.0.*
PAN-OS 5.15.1.*


CVSSv3.1 Base Score:7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


PAN-OS 7.0.14 and later, PAN-OS 7.1.8 and later

Workarounds and Mitigations

Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

© 2023 Palo Alto Networks, Inc. All rights reserved.