
Linux Kernel flaw threatens millions of PC and Android users: Zero-Day

4th of February, 2016

For almost three years, a serious vulnerability in the Linux kernel might have been allowing attackers to take full control over Linux-based PCs, servers, Android phones, and other embedded devices.

Late last month, a cyber security startup called Perception Point detailed a problem that it had discovered inside the Linux kernel, which allowed attackers to gain root-level privileges by running a piece of malware on an infected device. With these privileges, attackers could then take complete control of a device and its data. Ironically, the flaw itself was found to be part of a security feature that was intended to process and store secure information in keyrings.


Researchers at Perception Point reported discovering a way to trick the kernel into freeing a keyring object that is still referenced. The kernel is the part of the operating system that manages input and output requests from software and translates those requests into data-processing instructions. Keyrings are a primary way for drivers to retain or cache security data, authentication keys, encryption keys and other data stored within the kernel. An attacker can then overwrite the freed keyring with malicious content. According to Perception Point, the vulnerability was introduced in kernel version 3.8, released in February 2013. If successfully exploited, the vulnerability allows attackers root access to the operating system, enabling them to delete files, view private information, and install malicious apps.


“It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,” Yevgeny Pats, co-founder and CEO at security vendor Perception Point, said in a blog post published on January 14th, 2016. “With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.”


The real problem is that this flaw has the potential to affect millions of users, given that many distributions and implementations of Linux are vulnerable. The worst may, in fact, be Android itself, where 66% of users are currently using operating systems that are vulnerable to this exploit. As many of these products are over two years old, there is little chance of receiving a much-needed security patch.


There is less to worry about on the PC side of things. Red Hat, SUSE, and the Linux security teams are already in the midst of deploying patches to fix the vulnerability. The good news is that there is no evidence of this exploit being used in the wild just yet, but seeing how so many devices could be affected without the “watchdogs” knowing is another great reminder of why we should keep our software up to date.

About Jitesh Chauhan


A student of life with a passion for people, communication, and privacy. 
