Linux Kernel Zero Day Vulnerability CVE-2016-0728
A new critical zero-day (CVE-2016-0728) vulnerability has been discovered in the Linux kernel that could allow attackers to gain root level privileges by running a malicious Android or Linux application on an affected device. CVE-2016-0728 is caused by a reference leak in the keyrings facility.This Linux kernel vulnerability has been identified by a group named Perception Point.
Linux kernel vulnerabilities are not all that uncommon, and they are found and patched all the time. This is why the Linux-based operating systems are usually more secure than proprietary ones. Everything gets fixed as soon as it’s found, and not a minute later. On the other hand, zero-day vulnerabilities are not all that frequent, especially for the Linux kernel.
• Operating system with Linux kernel 3.8 and higher, both 32-bit and 64-bit, exposed to this flaw.
• Even Android versions – KitKat and higher are affected
• If successfully exploited, the vulnerability can allow attackers to get root access to the operating system, enabling them to delete files, view private information, and install malicious apps.
• Pre-requisite – An attacker would only require local access to exploit the flaw on a Linux server.
How to patch this vulnerability:
Upgrade the Linux servers with latest patches,
More on CVE-2016-0728: https://security-tracker.debian.org/tracker/CVE-2016-0728