This vulnerability has existed since 2012 and affects Android and Linux systems running Linux kernel version 3.8+; any Linux server or desktop running kernel 3.8+ is vulnerable.
As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).
How do I fix this?
First, some background on what the CVE-2016-0728 bug is. From the Perception Point Research Team:
CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let’s cover some background required to understand the bug. It can successfully escalate privileges from a local user to root.
The function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Each process can create a keyring for the current session using keyctl(KEYCTL_JOIN_SESSION_KEYRING, name) and can choose to either assign a name to the keyring or not by passing NULL. The keyring object can be shared between processes by referencing the same keyring name. If a process already has a session keyring, this same system call will replace its keyring with a new one. If an object is shared between processes, the object’s internal refcount, stored in a field called usage, is incremented. The leak occurs when a process tries to replace its current session keyring with the very same one. As we see in the next code snippet, taken from kernel version 3.18, the execution jumps to error2 label which skips the call to key_put and leaks the reference that was increased by
The vulnerability affects any Linux Kernel version 3.8 and higher. SMEP & SMAP will make it difficult to exploit, as will SELinux on Android devices. Maybe we’ll talk about tricks to bypass those mitigations in upcoming blogs; anyway, the most important thing for now is to patch it as soon as you can.
The following distros are known to be affected:
- Red Hat Enterprise Linux 7
- CentOS Linux 7
- Scientific Linux 7
- Debian Linux stable 8.x (jessie)
- Debian Linux testing 9.x (stretch)
- SUSE Linux Enterprise Desktop 12
- SUSE Linux Enterprise Desktop 12 SP1
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Workstation Extension 12
- SUSE Linux Enterprise Workstation Extension 12 SP1
- Ubuntu Linux 14.04 LTS (Trusty Tahr)
- Ubuntu Linux 15.04 (Vivid Vervet)
- Ubuntu Linux 15.10 (Wily Werewolf)
- openSUSE Linux Leap 42.x and version 13.x
- Oracle Linux 7
Open a terminal
Ctrl+Alt+T
Fully update your system
Check your current kernel version
You need to reboot the box. Before you apply the patch, note down your current kernel version. Get it by typing the following command:
Debian / Ubuntu
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
RHEL / CentOS Linux
sudo yum update
SUSE Enterprise Linux or openSUSE Linux
zypper patch && reboot
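To triage hosts before and after patching, the shell sketch below classifies a kernel release string against the upstream range this page states: 3.8 and higher, before 4.4.1. It is an added example, not part of the original article; the function names `ver_num` and `classify` and the sample release strings are constructed for illustration. Distributions backport the fix without changing the upstream version number, so "in-range" means the host should be checked against the vendor advisory, not that it is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the upstream range
# this page gives for CVE-2016-0728 (>= 3.8 and < 4.4.1).
# Heuristic only: distro kernels carry backported fixes under old version numbers.

# ver_num RELEASE -> prints major*1000000 + minor*1000 + patch, or fails
ver_num() {
    # Keep the leading dotted-numeric part: "3.13.0-74-generic" -> "3.13.0"
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{0,2\}\).*/\1/p')
    [ -n "$v" ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $v            # split "3.13.0" into $1=3 $2=13 $3=0
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# classify RELEASE -> prints in-range, outside-range, or unparsed
classify() {
    n=$(ver_num "$1") || { echo unparsed; return 0; }
    if [ "$n" -ge 3008000 ] && [ "$n" -lt 4004001 ]; then
        echo in-range
    else
        echo outside-range
    fi
}

# Constructed sample release strings, followed by the running kernel.
for rel in 3.13.0-74-generic 4.4.0-1-amd64 4.4.1 3.7.10 "$(uname -r)"; do
    printf '%-28s %s\n' "$rel" "$(classify "$rel")"
done
```

Run it once before updating and again after the reboot; if the release string has not changed at all, the new kernel is not the one that booted.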
If you want to upgrade