Easy-to-exploit rooting flaw puts Linux computers at risk
The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that’s already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.
The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected.
The Red Hat security team describes the flaw as a “race” condition, “in the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.” This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system.