Critical Linux Kernel Vulnerability Gives Root Access
A vulnerability in the Linux kernel's keyring subsystem makes it possible to execute arbitrary code in kernel context, the security company Perception Point reports. The flaw has been present since Linux kernel 3.8, whose keyring code dates from 2012. A patch is now available.
CVE-2016-0728 is a local privilege escalation: the attacker must already have an unprivileged account or code execution on the machine, and can then elevate to root. Because the flaw has been in the kernel since 2012, Perception Point estimates on its site that 66 percent of Android phones are also affected, since they run kernel 3.8 or newer. Add to that tens of millions of Linux PCs and servers. No exploitation in the wild has been observed so far, but the discoverers have already produced a working proof-of-concept.
The root cause is a reference leak in the keyring facility, which lets drivers and other kernel subsystems cache or retain security data such as authentication keys, encryption keys and similar material inside the kernel. The leak occurs when a process asks to join a named session keyring that is already its session keyring: the kernel takes a reference on the keyring object for the lookup and then returns early without releasing it. The reference counter is a 32-bit integer, so an unprivileged process that repeats the request enough times can wrap it around to zero, after which the kernel frees a keyring that is still in use. That use-after-free is what the exploit turns into code execution in the kernel, and thereby root privileges.
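To make the reference-leak pattern concrete, the following is an added user-space C model written for this article; it is not the kernel's code and not Perception Point's proof-of-concept. It keeps the shape of the affected `join_session_keyring()` path: looking up a keyring by name takes a reference, and the early return for "this is already my session keyring" forgot to drop it, which the upstream fix corrected by adding a `key_put()` in that branch. The `struct key` layout, the global keyring pointers, `reset_model()`, `leak_after_n_joins()` and `wrap_frees_live_keyring()` are simplifications for the model, and the counter is set a few steps below the 32-bit wrap point instead of being leaked 2^32 times.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the refcount leak behind CVE-2016-0728.
 * Only the fields needed to show the bug pattern are kept. */
struct key {
    uint32_t usage;     /* the kernel uses a 32-bit atomic_t here */
    char     name[32];
    int      freed;     /* 1 once key_put() has dropped the last reference */
};

/* One named keyring exists in this model; the "current process" points
 * its session keyring at it after the first successful join. */
static struct key  g_storage;
static struct key *g_named_keyring;
static struct key *g_session_keyring;

static void reset_model(void)
{
    memset(&g_storage, 0, sizeof g_storage);
    strcpy(g_storage.name, "_ses_demo");
    g_storage.usage = 1;            /* reference held by the name registry */
    g_named_keyring = &g_storage;
    g_session_keyring = NULL;
}

/* Taking a reference is an increment; dropping the last one frees. */
static struct key *key_get(struct key *k)
{
    k->usage++;
    return k;
}

static void key_put(struct key *k)
{
    if (--k->usage == 0)
        k->freed = 1;
}

/* Like the kernel's lookup: the caller owns one reference on success. */
static struct key *find_keyring_by_name(const char *name)
{
    if (g_named_keyring && !g_named_keyring->freed &&
        strcmp(g_named_keyring->name, name) == 0)
        return key_get(g_named_keyring);
    return NULL;
}

/* Installing a session keyring takes its own reference. */
static void install_session_keyring(struct key *keyring)
{
    if (g_session_keyring)
        key_put(g_session_keyring);
    g_session_keyring = key_get(keyring);
}

/* Vulnerable shape: the "already the session keyring" branch returns
 * without releasing the reference the lookup took. */
static int join_session_keyring_vuln(const char *name)
{
    struct key *keyring = find_keyring_by_name(name);
    if (!keyring)
        return -1;
    if (keyring == g_session_keyring)
        return 0;                   /* BUG: lookup reference never dropped */
    install_session_keyring(keyring);
    key_put(keyring);               /* drop the lookup reference */
    return 0;
}

/* Fixed shape: the early-return branch balances the lookup reference. */
static int join_session_keyring_fixed(const char *name)
{
    struct key *keyring = find_keyring_by_name(name);
    if (!keyring)
        return -1;
    if (keyring == g_session_keyring) {
        key_put(keyring);           /* FIX: release the lookup reference */
        return 0;
    }
    install_session_keyring(keyring);
    key_put(keyring);
    return 0;
}

/* Unprivileged process re-joins the keyring it already holds n times;
 * returns the resulting usage count (2 is the correct steady state). */
static uint32_t leak_after_n_joins(int (*join)(const char *), uint32_t n)
{
    reset_model();
    join("_ses_demo");              /* first join installs it */
    for (uint32_t i = 0; i < n; i++)
        join("_ses_demo");          /* re-join: should not change usage */
    return g_named_keyring->usage;
}

/* Consequence of the leak with a 32-bit counter: park the counter just
 * below the wrap point (standing in for ~2^32 leaked joins), leak across
 * zero, then let one ordinary balanced get/put free the keyring while the
 * session keyring pointer still refers to it. Returns 1 if that happened. */
static int wrap_frees_live_keyring(void)
{
    reset_model();
    join_session_keyring_vuln("_ses_demo");
    g_named_keyring->usage = UINT32_MAX - 2;
    for (int i = 0; i < 3; i++)
        join_session_keyring_vuln("_ses_demo");   /* wraps to 0 */
    key_put(key_get(g_named_keyring));            /* hits 0 -> freed */
    return g_session_keyring == g_named_keyring && g_named_keyring->freed;
}

int main(void)
{
    printf("usage after 1000 re-joins, vulnerable: %u\n",
           leak_after_n_joins(join_session_keyring_vuln, 1000));
    printf("usage after 1000 re-joins, fixed:      %u\n",
           leak_after_n_joins(join_session_keyring_fixed, 1000));
    printf("32-bit wrap frees a live keyring: %s\n",
           wrap_frees_live_keyring() ? "yes" : "no");
    return 0;
}
```

The model is the reason the real exploit is slow: every leaked reference costs one syscall, and the counter only becomes dangerous once it has been driven all the way around a 32-bit range. It also shows why SMEP and SMAP matter only after this point; they do not stop the counter from wrapping, they make the freed-object-to-code-execution step harder.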
Exploitation is relatively slow: the proof-of-concept needs about 30 minutes on an Intel Core i7-5500, the team writes, most of it spent on the billions of syscalls needed to wrap the reference counter, though time matters little to a local attacker who already has a foothold. The Red Hat Security team helped fix the bug. The researchers note that SMEP and SMAP make the bug harder to abuse, as does SELinux on Android. According to Threatpost, Android devices may have to wait longer for patches, because each manufacturer has to ship them itself.