Exploit Paths
Grounded case

Dirty COW: state window to privilege gain

A race condition created a narrow state window that could be used to gain administrative privileges. This is the clearest grounded case for sequencing and timing manipulation in the current project.

Path at a glance

How this route unfolds.

Starting condition

The attacker can interact with a memory-management path that checks one state and later acts on another.

Capability shift

A race condition creates a narrow state window where the system's stale assumption can be violated.

Boundary effect

That timing-sensitive window lets the attacker influence behavior beyond what the original state should have allowed.

Strongest outcome

The route survives toward administrative privilege gain.

Case metadata

Linux kernel

Primary CVE
CVE-2016-5195
Strongest primitive

Sequencing manipulation

Strongest outcome

Administrative privilege gain

  • It broadens the case surface beyond route and reference-control examples.
  • It makes state-window abuse legible as a first-class path role instead of leaving it as an abstract library term.
  • It shows that exploit paths can hinge on timing and order, not only on what resource becomes reachable.
Actors and objects

What is in play.

Attacker-facing surface

The relevant surface is not a public route but an interaction with kernel behavior that can be raced under the right conditions.

Reachable objects

Memory or state transitions that should have remained consistent across the check and use phases.

Trust and execution spheres

The route matters because it crosses from a lower-privilege position into administrative effect by exploiting a stale assumption in the system's state handling.

Framework mapping

How this case maps into the model.

Primitive families

Sequencing manipulation

Path roles

Leverage gain / State-window abuse

Outcome classes

Privileged action

  • Sequencing manipulation is the core primitive because the exploit depends on state and order rather than on direct reference control.
  • State-window abuse is the key path role because the route survives only by exploiting a brief mismatch between check and action.
  • This case broadens the framework by showing that exploit paths can turn on temporal inconsistency, not just reachable resources.
Qualifiers

What makes the route stay weak or get stronger.

  • The route depends on a narrow timing window and is therefore structurally different from the path and route-control examples.
  • Its value in the library is not that it resembles traversal, but that it proves the model can also express timing-sensitive privilege routes.
  • The case is strongest when it is explained as a state-window problem rather than as a generic race-condition label.
Source links

Trace the public record.

Ubuntu CVE page for CVE-2016-5195

https://ubuntu.com/security/cve-2016-5195

 CVE record for CVE-2016-5195

https://www.cve.org/CVERecord?id=CVE-2016-5195
Back to reference Browse cases