Raspberry Pi users need to update the kernel immediately

Oct 26, 2016 10:20 GMT  ·  By

Raspberry Pi Foundation announced a few minutes ago, October 26, 2016, that a patched kernel is now available for the Debian-based Raspbian GNU/Linux distribution for Raspberry Pi devices to address the "Dirty COW" bug.

We believe that by now every single one of you is aware of the fact that a nasty security flaw was present in the Linux kernel and could have allowed a local attacker to gain administrative privileges (root access) on a vulnerable system. The flaw was patched recently by Linus Torvalds himself and the fix was pushed to almost all supported kernel branches, including Linux 4.8, 4.4, 4.1, 3.18, 3.16, 3.12, 3.10, and 3.2.

And guess what, not only Linux desktops and servers or Android smartphones and tablets are affected by the issue, but any device that runs an operating system powered by the Linux kernel. Raspberry Pi devices have their own official GNU/Linux distribution called Raspbian, currently based on Debian GNU/Linux 8 "Jessie" (Debian Stable), which was patched upstream against the "Dirty COW" bug.

"You may have seen the news recently about a bug in the Linux kernel called Dirty COW - it’s a vulnerability that affects the 'copy-on-write' mechanism in Linux, which is also known as COW," said Rob Zwetsloot, Editor for The MagPi. "This bug can be used to gain full control over a device running a version of Linux, including Android phones, web servers, and even the Raspberry Pi."

Here's how to update the kernel if you're running Raspbian

Therefore, if your Raspberry Pi 2, Raspberry Pi 3, or Raspberry Pi Zero single-board computer (SBC) is running the Raspbian operating system, you should know that a kernel update has been released today, fully patched against the "Dirty COW" vulnerability, and you can get it right now by executing the following two commands in a terminal emulator.

sudo apt-get update
sudo apt-get install raspberrypi-kernel
As with any new kernel update, you'll have to reboot your Raspberry Pi device as soon as the new version was successfully installed. The latest version of the Raspbian operating system, 2016-09-23, is available for download right now via our website and is powered by the long-term supported Linux 4.4 kernel. A Lite version is available as well from the official homepage.