Computing

Fixed a serious vulnerability in the Linux kernel

0 204 2 minutes of reading

Considering the number of people who develop, test and analyze the Linux kernel, it is difficult to miss a vulnerability. However, it does happen sometimes, and that's what happened this time. It's about the vulnerability CVE-2016-0728 , a flaw that affects two of the Linux keychain functions and allows code to run on a machine with kernel permissions.

Researchers from Perception point discovered this vulnerability. Vulnerability present in the Linux kernel since version 3.8, which means that since 2012 this hole has been open without anyone noticing . And it is serious. It should be noted that this vulnerability allows an unauthorized user with direct machine access and minimum permissions to gain root access and endanger the entire device, as they could execute code with the a level Pigmentation Linux permissions . In addition, it must be taken into account that this security flaw affects more than a third of Android smartphones and tablets, those with the Kit Kat version or higher, since they use the same version of the kernel.

The Linux kernel bug is on the keychain

The Linux kernel vulnerability is found in two specific keychain functions, Add_key and request_key keyctl. These allow code execution with kernel permissions to add and retrieve passwords. For this reason, we are talking about a serious security breach, because it practically affects the heart of security . In fact, the error could result in loss of memory information or even the ability to run code remotely with kernel permissions, with whatever that would entail.

However, although the problem is easy to fix, since with a small patch the vulnerability is covered, many users find it virtually impossible to update. We are talking, for example, of users with old Android smartphones. They have to manually update their system. To do this, you need to type the following commands into a terminal.

Ubuntu/Debian:

  • sudo apt update
  • sudo apt upgrade
  • sudo restart

CentOS/RHEL:

  • sudo yum update
  • redémarrer

Additionally, it is convenient to enable SMEP and SMAP (and SELinux on Android) security modules so that it is much more difficult for anyone to execute kernel code.

Are you concerned about this Linux kernel problem? Have you received any updates or do you need to do it manually?

Source: RedesZone.

This might interest you ...

  • Linux is making its way into the world of video games
  • The 10 basics to know about Linux
0 204 2 minutes of reading

Similar items

Photo of Operators in Arduino Programming What are they, what are they used for and which are the most important?

Operators in Arduino Programming What are they, what are they used for and which are the most important?

December 31, 2020
Photo of How To Enable Two-Step Apple ID Verification To Improve Your Data Security? Step by step guide

How to enable two-step Apple ID verification to improve your data security? Step by step guide

December 30, 2020
Photo of What are the best free programs to edit videos without watermark? 2020 List

What are the best free programs to edit videos without watermark? 2020 List

December 30, 2020
Photo of Decorate your computer with these Christmas backgrounds, themes, apps, accessories and more

Decorate your computer with these Christmas backgrounds, themes, apps, accessories and more

February 12

Leave your comment

Your email address will not be published. Required fields are marked with *

Button back to top