A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added.
The vulnerability, CVE-2016-0728, lives in the keyring facility built into the various flavors of Linux. The keyring encrypts and stores login information, encryption keys and certificates, and makes them available to applications. In a report published by Perception Point, researchers said the vulnerability is a reference leak that can be abused to ultimately execute code in the Linux kernel.
Source: https://threatpost.com/serious-linux-kernel-vulnerability-patched/115923/Submitted by: Arnfried Walbrecht