Critical Linux Kernel Flaw Discovered

January 19, 2016— Security startup Perception Point reported a critical Linux vulnerability (CVE-2016-0728) that affects versions 3.8 and higher. This kernel bug stands out because it also affects Android devices running the Kit-Kat version or higher.

To exploit the vulnerability, a malicious user should be in the target machine itself—meaning local access on a Linux server. The flaw is in the keychain facility, which is built into several versions of Linux. Essentially, it is a reference leak, which is then used to maliciously to execute arbitrary code in the Linux kernel.

Red Hat posted the following information in its website for possibly affected customers: https://access.redhat.com/articles/2131021. As of this writing, there is still no patch available.

Comments are closed.