A new, previously undiscovered serious vulnerability in the Linux kernel could have allowed an attacker to take full control over Linux-based PCs, servers, Android phones and other embedded devices.
The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.
Also Read : PlayStation 4 Hacked to Run Linux
Serious Flaw in Linux Kernel
The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.
In short, the flaw allows an attacker to gain root level privileges by running a piece of malware on an affected device. With that elevation of privileges the attacker could then take complete control of a device and its data.
Perception Point is not aware of any attack exploiting this vulnerability in the wild, but the company believes that computers emergency response teams and larger security vendors might be in a better position to discover if such attacks have happened.
Linux distributions will release security patches for this vulnerability this week, so users should update their Linux kernel as soon as possible. However, some systems will likely remain vulnerable for some time to come, if not indefinitely.