Google: Linux kernel leak does not affect 66 percent of Android devices
The recently discovered vulnerability in the Linux kernel is present in a “significantly smaller” number of devices, according to Google. The discoverers initially estimate the amount of vulnerable Android devices at 66 percent. A patch would be available from March 1.
Android security chief Adrian Ludwig reports in a blog post that Google has now made the patch for the vulnerability available. This must be present on all devices that perform a security update from March 1. He adds that Google does not believe that 66 percent of all Android devices are vulnerable, but that it is a “significantly smaller” number.
He bases this on the fact that Nexus devices would not be vulnerable to use of the vulnerability by third-party applications. In addition, devices running Android 5.0 or higher would be protected by SELinux. In addition, according to Ludwig, many devices running Android 4.4 do not contain the vulnerable code, because newer Linux kernels are not common on older devices. The vulnerability exists in Linux kernel 3.8 or later.
Ludwig also states that he is disappointed that the bug’s discoverers, Perception Point, did not contact the Android team before publishing the leak. The vulnerability allows a local attacker to run code in the kernel through the Linux keyring function and gain root access.