Linux kernel flaw endangers millions of PCs, servers and Android devices
For almost three years, a serious vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.
The flaw, which stems from the kernel’s keyring facility, allows applications running under a local user to execute code in the kernel. As a result, an attacker with access to only a limited account on a Linux system can escalate their privileges to root.
The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.