Google has released a patch for Android to address a Linux kernel vulnerability disclosed earlier this week by Perception Point, but the search giant believes the number of affected devices is smaller than initially reported.
Perception Point revealed on Tuesday that millions of Linux PCs and servers, and roughly two-thirds of Android smartphones and tablets could be affected by a local privilege escalation flaw (CVE-2016-0728) that allows an attacker to achieve kernel code execution and gain root privileges on the targeted system.
The vulnerability is related to the keyring, a facility that allows drivers to retain and cache security data, encryption and authentication keys, and other data in the kernel. The security bug, caused by a reference leak in the keyring, can be exploited by an attacker that has an account on the system, or is able to instruct the system to run code on their behalf.
The Israel-based security startup said the vulnerability impacts version 3.8 and later of the Linux kernel and Android devices running version 4.4 and later.
Many Linux distributions have already released patches to address the issue. Despite not being notified before the details of the vulnerability were disclosed, Google’s Android Security Team has also prepared a fix, which it released to open source and provided to its partners earlier this week.
“This patch will be required on all devices with a security patch level of March 1 2016 or greater,” Google’s Adrian Ludwig said in a post on Google+.
Ludwig says the company is investigating the impact of the flaw, but believes that Nexus devices are not vulnerable and devices with Android 5.0 and greater are protected by the SELinux policy, which prevents third party apps from reaching the buggy code. The search giant believes many devices running Android 4.4 and earlier are not affected since they don’t contain the problematic code.
According to Perception Point, while SELinux might make it more difficult to exploit the vulnerability, the protection can be bypassed. Furthermore, Red Hat’s advisory for the security bug says SELinux does not mitigate the issue.
Some experts said the Linux PoC exploit released by Perception Point is stable, but others could not get it to work properly. The security firm said it takes roughly 30 minutes to run the exploit on an Intel Core i7-5500 CPU, but noted that time is usually not an issue when it comes to privilege escalation exploits. A PoC exploit for Android has yet to be released.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
Latest News
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023: Regulations
- Cyber Insights 2023: Ransomware
- Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
