Critical Linux Kernel Flaw Found

Security researchers urge Android users to manually patch a vulnerability that’s existed for at least three years

Security specialists are desperately trying to patch up a serious Linux Kernal vulnerability that existed in coding since 2012.

The zero day local privilege escalation flaw impacts versions 3.8 and higher and affects two thirds of Android devices, warned researchers at startup Perception Point who discovered the vulnerability.

security vulnerability Shutterstock - © Andy Dean PhotographyHuge implications for Linux PCs and servers

This has implications for tens of millions of Linux PCs and servers, they added.

Yevgeny Pats, cofounder and CEO of Perception Point, told Threat Post: “It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon the patch is out.”

A malicious mobile app would be able to exploit the flaw on an Android device (Kit-Kat and higher), with an attacker also requiring local access. It remains unclear at this point if the vulnerability has actually been exploited.

Perception Point have created a fix, which it described as “simple” but said the real problem is that not all carriers and manufacturers patch devices automatically.

Are you an open source expert? Take our quiz to find out!