Zero-day Vulnerability in Linux

Hello all,

A Zero-day vulnerability has been discovered in the Linux kernel by Security researchers from Perception Point. This affects both the Linux operating system and the Android mobile OS and if exploited can give root access to the attackers. This vulnerability is dubbed (CVE-2016-0728).

This zero-day is a local privilege escalation vulnerability in the Linux kernel that originates from a reference leak in the keyring utility that is used to encrypt and store login information making it available for other applications and drivers. The researchers explained that keyring feature has the option to tinker with cryptographic keys or even replace them.

The vulnerability lets the attacker take advantage of this unnecessary feature and make the keyring application execute malicious code in the kernel.

Security researchers have informed the Linux team who will be deploying patches in the upcoming days.

Linux kernel has had this vulnerability since 2012. Any Linux PC running version 3.8 or higher of the Linux kernel is vulnerable, regardless of whether it’s a 32-bit or 64-bit architecture.

All Android devices running KitKat or higher which accounts for over two thirds of Android devices are also affected. Google built the Android OS on top of an older version of the Linux kernel and that’s why Android is affected by this.

Linux OS versions that deploy the SMEP (Supervisor Mode Execution Protection) and SMAP (Supervisor Mode Access Protection) make exploiting this vulnerability a lot more difficult. The same thing is also valid for Android devices with SELinux.

This zero day might be around for awhile given the rate at which smartphone manufacturers and mobile telcos deploy security updates for their devices, but as for desktops most Linux OSes come with an automatic update feature so it should be faster.

Watch out for the patches guys.

Source: Akati

Comments are closed.