SecurityWeek

Google Downplays Impact of Linux Kernel Flaw on Android

Google has released a patch for Android to address a Linux kernel vulnerability disclosed earlier this week by Perception Point, but the search giant believes the number of affected devices is smaller than initially reported.

Perception Point revealed on Tuesday that millions of Linux PCs and servers, and roughly two-thirds of Android smartphones and tablets could be affected by a local privilege escalation flaw (CVE-2016-0728) that allows an attacker to achieve kernel code execution and gain root privileges on the targeted system.

The vulnerability is related to the keyring, a facility that allows drivers to retain and cache security data, encryption and authentication keys, and other data in the kernel. The security bug, caused by a reference leak in the keyring, can be exploited by an attacker who has an account on the system, or who is able to instruct the system to run code on their behalf.

The Israel-based security startup said the vulnerability impacts version 3.8 and later of the Linux kernel and Android devices running version 4.4 and later.

Many Linux distributions have already released patches to address the issue. Despite not being notified before the details of the vulnerability were disclosed, Google’s Android Security Team has also prepared a fix, which it released to open source and provided to its partners earlier this week.

“This patch will be required on all devices with a security patch level of March 1 2016 or greater,” Google’s Adrian Ludwig said in a post on Google+.

Ludwig says the company is investigating the impact of the flaw, but believes that Nexus devices are not vulnerable and that devices with Android 5.0 and greater are protected by the SELinux policy, which prevents third-party apps from reaching the buggy code. The search giant believes many devices running Android 4.4 and earlier are not affected since they don’t contain the problematic code.

According to Perception Point, while SELinux might make it more difficult to exploit the vulnerability, the protection can be bypassed. Furthermore, Red Hat’s advisory for the security bug says SELinux does not mitigate the issue.

Some experts said the Linux PoC exploit released by Perception Point is stable, but others could not get it to work properly. The security firm said it takes roughly 30 minutes to run the exploit on an Intel Core i7-5500 CPU, but noted that time is usually not an issue when it comes to privilege escalation exploits. A PoC exploit for Android has yet to be released.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
