Zero-day vulnerability in Linux kernel
Zero-day vulnerability is caused by a reference leak in the keyring facility

A new zero-day vulnerability has been discovered in Linux that affects tens of millions of PCs and servers running the operating system, as well as 66% of Android devices, including phones and tablets. The bug allows an attacker to gain root access to a device and execute code to steal data from it.

This memory-leak vulnerability, better known by its identifier CVE-2016-0728, has existed since 2012, when it first appeared in Linux kernel version 3.8, and is present on both 32-bit and 64-bit Linux systems.

Yevgeny Pats, the chief executive officer of cybersecurity startup Perception Point, which recently spotted the vulnerability, notes that it relates to "a problematic flow in the security features in the Linux kernel" that runs Linux-based desktops, servers and Android devices. This vulnerability exists in the keyring facility built into the Linux kernel. The keyring facility is a way for drivers to retain or cache security data, authentication keys, encryption keys and other data in the kernel.
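Because the flaw is a reference leak in the keyring facility, the observable symptom on a running system is a keyring whose usage (reference) count keeps climbing. The following defensive check is an added example and is not code from the article or from Perception Point: it parses the kernel's `/proc/keys` listing (serial, flags, usage count, timeout, permissions, uid, gid, type, description) and reports keyrings whose usage count is implausibly large or has gone negative. The sample lines are constructed, the `leaky-session` and `wrapped-session` names are invented, and the flagging threshold is an assumption to be tuned per host; the kernel prints the count through a signed format, so a counter that has wrapped shows up as a negative number.

```python
"""Inspect /proc/keys for keyrings with inflated reference counts (added example)."""
import re
import sys
from dataclasses import dataclass

# Constructed sample in the /proc/keys layout: serial, flags, usage, timeout,
# perms, uid, gid, type, description. The two odd-looking keyrings are
# invented to exercise the checks below; they are not real data.
SAMPLE_PROC_KEYS = """\
3e2a1b4c I--Q---     1 perm 3f010000  1000  1000 keyring   _ses: 1
0a9f2c11 I--Q---     2 perm 1f3f0000     0     0 keyring   _uid.0: 0
1d7c0e55 I--Q--- 1000000 perm 3f010000  1000  1000 keyring   leaky-session: 0
4c0d8e22 I--Q--- -2147483600 perm 3f010000  1000  1000 keyring   wrapped-session: 0
2bb7f901 I--Q---     1 perm 3f010000  1000  1000 user      example-token: 16
"""

# Flag column is seven characters: I (instantiated), R (revoked), D (dead),
# Q (quota), U (under construction), N (negative), i (invalidated), or '-'.
_LINE_RE = re.compile(
    r"^(?P<serial>[0-9a-f]{8})\s+(?P<flags>[IRDQUNi-]{7})\s+(?P<usage>-?\d+)\s+"
    r"(?P<timeout>\S+)\s+(?P<perms>[0-9a-f]{8})\s+(?P<uid>\d+)\s+(?P<gid>\d+)\s+"
    r"(?P<ktype>\S+)\s*(?P<desc>.*)$"
)


@dataclass
class KeyEntry:
    serial: str
    flags: str
    usage: int      # kernel-side reference count of the key
    timeout: str    # "perm" or a remaining lifetime
    perms: int
    uid: int
    gid: int
    ktype: str
    desc: str


def parse_proc_keys(text: str) -> list[KeyEntry]:
    """Parse the text of /proc/keys into KeyEntry records; reject unknown lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised /proc/keys line: {line!r}")
        g = m.groupdict()
        entries.append(KeyEntry(
            serial=g["serial"], flags=g["flags"], usage=int(g["usage"]),
            timeout=g["timeout"], perms=int(g["perms"], 16),
            uid=int(g["uid"]), gid=int(g["gid"]), ktype=g["ktype"], desc=g["desc"],
        ))
    return entries


def suspicious_keyrings(entries: list[KeyEntry], threshold: int = 10_000) -> list[KeyEntry]:
    """Return keyrings whose usage count is negative (wrapped) or above threshold.

    A keyring legitimately has a usage count in the single or low double digits;
    the threshold is an assumption and should be tuned for the host.
    """
    return [e for e in entries
            if e.ktype == "keyring" and (e.usage < 0 or e.usage > threshold)]


def scan(text: str, threshold: int = 10_000) -> list[KeyEntry]:
    """Parse a /proc/keys dump and return the keyrings worth a closer look."""
    return suspicious_keyrings(parse_proc_keys(text), threshold)


if __name__ == "__main__":
    # Run with --sample to use the constructed data; otherwise read the live file.
    if "--sample" in sys.argv:
        source = SAMPLE_PROC_KEYS
    else:
        with open("/proc/keys") as f:
            source = f.read()
    for entry in scan(source):
        print(f"{entry.serial} uid={entry.uid} usage={entry.usage} {entry.desc}")
```

Run it with `--sample` to see the two constructed keyrings reported; without the flag it reads the live `/proc/keys`, which lists only the keys the calling user is allowed to see, so a periodic run as root gives the fullest picture.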

One needs to have local access to the machine in order to exploit this vulnerability, or build malware to gain access to the machine, according to Pats. "Using the API that the kernel provides, you can get root access to the machine," he adds. He also claims that the vulnerability could be exploited through malware that provides root access to attackers, although there is no evidence of attackers using this flaw.

"While neither we nor the kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible," asserts the Perception Point research team.

Apart from Linux, this vulnerability poses a threat to older Android devices, which no longer receive security patches or the latest updates from their manufacturers, asserts Data Breach.

The cybersecurity firm has already notified the Linux and Red Hat security teams. "They were very, very responsive, and fixed it quite fast," Pats added. Meanwhile, Red Hat appears to have fixed its systems, according to the security advisory.

The research team adds that Supervisor Mode Access Prevention (SMAP) and Supervisor Mode Execution Protection (SMEP), as well as SELinux on Android devices, make exploiting this vulnerability harder. However, there are known tricks to bypass these mitigations.