Security firm Perception Point recently discovered a privilege escalation vulnerability in the Linux kernel that has gone unchecked since 2012.
On Tuesday, the Perception Point research team penned a blog post explaining the bug and walking through their proof-of-concept exploit, as well as noting that the bug had been reported to those maintaining the kernel.
The bug, listed by Perception Point as CVE-2016-0728, affects the keyring facility in Linux Kernel version 3.8 and higher. The problem is that it allows drivers to retain and cache encryption and authentication keys, as well as other security data in the kernel. Due to the sensitive nature of what it holds, the keyring facility is supposed to be inaccessible by other user-space applications.
Basically, what this means is that a user or application without proper permissions may still be able to gain access to root.
Being that the Linux kernel is the foundational piece of all Linux-based operating systems, including Android, the implications are huge.
According to the blog post: “As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).”
Hopefully, a security patch will be released soon. If you are a Linux user, make sure you update your kernel as soon as you can to protect against this vulnerability.
For Android users, the bug affects Android version 4.4 (KitKat) and later. Currently, that covers 69.4% of all Android devices, although the number was originally listed by Perception Point as 66%.
The implications for Android users are that, if exploited, the bug could allow another application to take over core OS functions on your device–not good. The problem is further compounded by the fragmentation of the Android ecosystem, and the often difficult process of receiving updates. Google finally rolled out a plan for monthly Android updates back in August 2015, but that still doesn’t account for the plethora of obstacles and delays that come from specific vendors.
There is a silver lining to all this, though. According to Perception Point, neither their research team, nor the Kernel security team have seen any known exploit “targeting this vulnerability in the wild.” However, the research team did recommend that security teams take a look at any devices in their portfolio that could have been affected and respond immediately.