Linux Kernel Flaw Puts Millions of Devices at Risk

A local privilege escalation vulnerability introduced in the Linux kernel in 2012 exposes tens of millions of Linux PCs and servers, and roughly two-thirds of phones and tablets running Android, to malicious attacks.

The vulnerability, identified as CVE-2016-0728, was discovered recently by researchers at Israel-based security startup Perception Point. The flaw affects version 3.8 and later of the Linux kernel, and allows an attacker to achieve kernel code execution and gain root privileges on the targeted system.

Perception Point and the Linux kernel security team said they haven’t seen exploits designed to target this vulnerability in the wild.

The security bug is related to the keyring, a facility that allows drivers to retain and cache security data, encryption and authentication keys, and other data in the kernel. These objects can be managed by userspace programs via available system call interfaces.

“Function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn’t decrease keyring->usage before returning to userspace. The usage field can be possibly overflowed causing use-after-free on the keyring object,” Red Hat wrote in its bug report.
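
The reference-count imbalance Red Hat describes, shown as an added toy model in user-space C; it is not kernel code and not Perception Point's proof of concept. The struct, the `toy_*` function names and the 8-bit counter (standing in for `keyring->usage`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy user-space model, constructed for illustration; not kernel code.
 * An 8-bit counter stands in for keyring->usage so the wrap is reached
 * in 255 calls rather than billions. */
struct toy_keyring {
    uint8_t usage;  /* reference count */
    int freed;      /* set when the count drops to zero */
};

static void toy_get(struct toy_keyring *k) { k->usage++; }

static void toy_put(struct toy_keyring *k)
{
    if (--k->usage == 0)
        k->freed = 1;           /* last reference gone: object released */
}

/* Join the keyring the process already uses.
 * fixed == 0: the lookup's reference is never dropped (the leak described).
 * fixed != 0: the reference is dropped before returning. */
static void toy_join_same(struct toy_keyring *k, int fixed)
{
    toy_get(k);                 /* lookup takes a reference */
    if (fixed)
        toy_put(k);             /* balanced on the early-return path */
}

/* Run `calls` joins on a keyring the process holds one reference to, then
 * one ordinary, balanced get/put. Stores the count after the joins in
 * *usage and returns 1 if the object was freed while still held. */
static int freed_while_held(unsigned calls, int fixed, unsigned *usage)
{
    struct toy_keyring k = { 1, 0 };
    for (unsigned i = 0; i < calls; i++)
        toy_join_same(&k, fixed);
    *usage = k.usage;
    toy_get(&k);
    toy_put(&k);
    return k.freed;
}

int main(void)
{
    unsigned u;
    int f = freed_while_held(255, 0, &u);
    printf("leaky: usage=%u freed_while_held=%d\n", u, f);
    f = freed_while_held(255, 1, &u);
    printf("fixed: usage=%u freed_while_held=%d\n", u, f);
    return 0;
}
```

In the leaky path the counter wraps to zero even though the process still holds its reference, so the next balanced get/put releases an object that is still in use; with the reference dropped on the early-return path the count stays at 1.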

The developers of popular Linux distributions are working on addressing the vulnerability, and users are advised to install the patches as soon as they become available. In the meantime, Perception Point noted that security features such as Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP), and, in the case of Android, the SELinux security module, make exploitation of the vulnerability more difficult.

Even after the patches are released, it will likely take some time until they are installed on all Linux machines.

In the case of Android, many devices will probably never receive the fix. Some device manufacturers, such as Google and Samsung, have started pushing out regular security updates, which are easier to install in more recent versions of Android. However, patches for devices running older versions of Android are few and far between, and installing them is not always easy for regular users.

Perception Point has published the technical details of the vulnerability and a proof-of-concept exploit.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
