Patch/Configuration Management, Vulnerability Management

Kernel bug allows full takeover of Linux devices

Researchers discovered a serious vulnerability in the Linux operating system kernel that could allow attackers to take full control of Linux devices, including PCs, Android phones and servers. The bug, dubbed CVE-2016-0728, involves the keyring facility used to retain security data encryption information in the kernel.

The vulnerability was discovered by researchers at Perception Point, and allows a use-after-free exploit that they said was introduced with Linux kernel version 3.8 in February 2013. “As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices,” Perception Point wrote in a blog post.

A patch for the vulnerability “should already be in preparation for Linux distributions,” according to a statement published on Linux.com.

Perception Point stated that the team has not observed any exploits targeting the vulnerability in the wild, but recommend that “security teams examine potentially affected devices and implement patches as soon as possible.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds