Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Downplays Impact of Linux Kernel Flaw on Android

Google has released a patch for Android to address a Linux kernel vulnerability disclosed earlier this week by Perception Point, but the search giant believes the number of affected devices is smaller than initially reported.

Google has released a patch for Android to address a Linux kernel vulnerability disclosed earlier this week by Perception Point, but the search giant believes the number of affected devices is smaller than initially reported.

Perception Point revealed on Tuesday that millions of Linux PCs and servers, and roughly two-thirds of Android smartphones and tablets could be affected by a local privilege escalation flaw (CVE-2016-0728) that allows an attacker to achieve kernel code execution and gain root privileges on the targeted system.

The vulnerability is related to the keyring, a facility that allows drivers to retain and cache security data, encryption and authentication keys, and other data in the kernel. The security bug, caused by a reference leak in the keyring, can be exploited by an attacker that has an account on the system, or is able to instruct the system to run code on their behalf.

The Israel-based security startup said the vulnerability impacts version 3.8 and later of the Linux kernel and Android devices running version 4.4 and later.

Many Linux distributions have already released patches to address the issue. Despite not being notified before the details of the vulnerability were disclosed, Google’s Android Security Team has also prepared a fix, which it released to open source and provided to its partners earlier this week.

“This patch will be required on all devices with a security patch level of March 1 2016 or greater,” Google’s Adrian Ludwig said in a post on Google+.

Ludwig says the company is investigating the impact of the flaw, but believes that Nexus devices are not vulnerable and devices with Android 5.0 and greater are protected by the SELinux policy, which prevents third party apps from reaching the buggy code. The search giant believes many devices running Android 4.4 and earlier are not affected since they don’t contain the problematic code.

According to Perception Point, while SELinux might make it more difficult to exploit the vulnerability, the protection can be bypassed. Furthermore, Red Hat’s advisory for the security bug says SELinux does not mitigate the issue.

Advertisement. Scroll to continue reading.

Some experts said the Linux PoC exploit released by Perception Point is stable, but others could not get it to work properly. The security firm said it takes roughly 30 minutes to run the exploit on an Intel Core i7-5500 CPU, but noted that time is usually not an issue when it comes to privilege escalation exploits. A PoC exploit for Android has yet to be released.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.