New zero-day flaw hits millions of Linux servers, also affects most Android devices

The flaw is said to affect "tens of millions" of Linux PCs and servers, and most modern devices running the latest Android KitKat 4.4 software and later.
Written by Zack Whittaker, Contributor

A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest "root" level is said to hit "tens of millions" of Linux PCs and servers.

Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices.

Israeli security firm Perception Point disclosed the flaw in a blog post Tuesday, but it wasn't immediately clear if the bug had been privately reported to Google, which develops the Android software.

Perception Point said in an email that it has released a proof-of-concept exploit following collaboration with a number of Linux distribution teams.

The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.

The Israeli security firm said it had no evidence to suggest the flaw had been exploited in the wild.

A patch is expected to be released on January 19 for most Linux machines.

Red Hat has already patched its systems, according to a security advisory, with other distributions expected to follow up in the coming day.

It is not known if Google was aware of the bug before Perception Point published its findings. The Android maker will likely fix the bug as part of its scheduled monthly security updates in February.

A Google spokesperson did not comment.

This post has been updated.

Editorial standards