Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Linux Kernel Flaw Puts Millions of Devices at Risk

A local privilege escalation vulnerability introduced in the Linux kernel in 2012 exposes tens of millions of Linux PCs and servers, and roughly two-thirds of phones and tablets running Android to malicious attacks.

A local privilege escalation vulnerability introduced in the Linux kernel in 2012 exposes tens of millions of Linux PCs and servers, and roughly two-thirds of phones and tablets running Android to malicious attacks.

The vulnerability, identified as CVE-2016-0728, was discovered recently by researchers at Israel-based security startup Perception Point. The flaw affects version 3.8 and later of the Linux kernel, and allows an attacker to achieve kernel code execution and gain root privileges on the targeted system.

Perception Point and the Linux kernel security team said they haven’t seen exploits designed to target this vulnerability in the wild.

The security bug is related to the keyring, a facility that allows drivers to retain and cache security data, encryption and authentication keys, and other data in the kernel. These objects can be managed by userspace programs via available system call interfaces.

“Function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn’t decrease keyring->usage before returning to userspace. The usage field can be possibly overflowed causing use-after-free on the keyring object,” Red Hat wrote in its bug report.

The developers of popular Linux distributions are working on addressing the vulnerability and users are advised to install the patches as soon as they become available. In the meantime, Perception Point noted that security features such as Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP), and the SELinux security module in the case of Android make exploitation of the vulnerability more difficult.

Even after the patches are released, it will likely take some time until they are installed on all Linux machines.

In the case of Android, many devices will probably never receive the fix. Some device manufacturers, such as Google and Samsung, have started pushing out regular security updates, which are easier to install in more recent versions of Android. However, patches for devices running older versions of Android are few and far between, and installing them is not always easy for regular users.

Advertisement. Scroll to continue reading.

Perception Point has published the technical details of the vulnerability and a proof-of-concept exploit.

Related: Critical ‘Ghost’ Vulnerability Impacts Linux Systems

Related: Password Bypass Flaw Found in GRUB2 Linux Bootloader

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.