0-day in Linux kernel endangers Linux servers, Android devices

A serious and pretty longstanding flaw in the Linux kernel has been recently discovered by researchers from infosec outfit Perception Point.

The vulnerability (CVE-2016-0728) is caused by a reference leak in the keyrings facility which is included in many different Linux distributions and in some Android versions (Android is based on Linux). It allows a local user – or, in Android’s case, a malicious mobile app – to escalate their privileges and gain root on the computer/mobile device.

The flaw exists in any Linux Kernel version 3.8 and higher, and Android 4.4 (“KitKat”) and higher.

Even though exploitation of the flaw is “straightforward”, the researchers say that SMEP (Supervisor Mode Execution Protection) and SMAP (Supervicor Mode Access Protection) will make it difficult to exploit on Linux servers, and SELinux will offer some protection on Android devices.

“While the vulnerability has existed since 2012, our team discovered the vulnerability only recently, disclosed the details to the Kernel security team, and later developed a proof-of-concept exploit,” the company explained.

“While neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible.”

More technical details about the bug can be found here, along with the PoC exploit code.

It will hopefully take little time for the security teams of the various affected Linux distros to push out a patch, but there is no auto update for the kernel, so the flaw may linger for a while – server admins should do well to patch as soon as possible.

When it comes to patching Android, Google is yet to comment on this new revelation, and carriers and manufacturers usually take a while to push out updates. Again, the patching of this bug may take awhile.