Linux Kernel Flaw Reaches Into Internet of Things


In-brief: Software updates were released to address a serious and exploitable security flaw in the Linux kernel on Tuesday. The issue, in a feature called keyring, could impact embedded systems as well as mobile devices. 

Software updates were released to address a serious and exploitable security flaw in the Linux kernel on Tuesday.

The bug, in a common Linux component called “keyring,” has broad reach, affecting many versions of the Android mobile operating system, as well as embedded devices on the Internet of Things that run versions of Linux, according to researchers at the security firm Perception Point, which discovered the hole. The vulnerability has been assigned the identifier CVE-2016-0728.

In a blog post, Perception Point described the vulnerability as a zero-day local privilege escalation vulnerability in the Linux kernel that has existed since 2012. “This vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets),” the company said.

In an interview with The Security Ledger, Perception Point CEO Yevgeny Pats said that the vulnerability, CVE-2016-0728, is caused by a programming error in code that is part of the keyring facility, a feature of the Linux kernel that provides a way for drivers to retain or cache security data including authentication and encryption keys in the kernel.


The flaw was discovered by Perception Point researchers who were developing a Linux software client for the company’s software. “Our research team looked into (the bug) and saw that it can cause a privilege escalation on the device,” Pats said.

The keyring feature is a core component of the Linux kernel starting with the 3.8 release. As a result, the vulnerability is “platform agnostic,” Pats said. It affects both 32-bit and 64-bit systems that use that kernel. Any version of Android starting with the KitKat release contains the vulnerability as does any embedded real-time OS (RTOS) that relies on the 3.8 kernel – or later.

The flaw is a common one: a so-called “integer overflow” vulnerability in which a field used to store a reference count for a keyring object isn’t properly checked to prevent overflowing the ‘use count’ field, allowing it to wrap around to 0.

“If a process causes the kernel to leak 0x100000000 references to the same object, it can later cause the kernel to think the object is no longer referenced and consequently free the object,” Perception Point wrote. “If the same process holds another legitimate reference and uses it after the kernel freed the object, it will cause the kernel to reference a deallocated or reallocated piece of memory.” Attackers could use that predictable “use after free” behavior to force the system to execute malicious code.
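The wrap-around described above can be shown with a toy model. The following is an added example, not code from the article, Perception Point or the Linux kernel; the `struct obj` layout, the function names and the saturating counter (a generic hardening, not the fix the article describes) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed): not kernel code. 'held' is the ground truth. */
struct obj {
    uint32_t usage;   /* 32-bit use count, as the 0x100000000 figure implies */
    uint64_t held;    /* references really outstanding */
    bool     freed;
};

/* Take n references at once; equivalent to n single increments. */
static void obj_get(struct obj *o, uint64_t n, bool saturating)
{
    uint64_t sum = (uint64_t)o->usage + n;
    o->held += n;
    if (saturating && sum >= UINT32_MAX)
        o->usage = UINT32_MAX;          /* pin at the maximum: never wrap */
    else
        o->usage = (uint32_t)sum;       /* plain counter: wraps modulo 2^32 */
}

/* Drop one reference; free the object when the count reaches zero. */
static void obj_put(struct obj *o, bool saturating)
{
    o->held--;
    if (saturating && o->usage == UINT32_MAX)
        return;                         /* pinned: leak memory rather than free */
    if (--o->usage == 0)
        o->freed = true;
}

/* Returns true if the object was freed while references were still held. */
static bool freed_while_referenced(uint64_t leaked, bool saturating)
{
    struct obj o = { .usage = 1, .held = 1, .freed = false }; /* one holder */
    obj_get(&o, leaked, saturating);    /* buggy path: gets with no matching puts */
    obj_put(&o, saturating);            /* a single reference is dropped */
    return o.freed && o.held > 0;
}

int main(void)
{
    printf("wrapping:   %d\n", freed_while_referenced(0x100000000ULL, false));
    printf("saturating: %d\n", freed_while_referenced(0x100000000ULL, true));
    return 0;
}
```

With the wrapping counter, the 0x100000000 leaked references vanish from the count, so a single drop frees an object that is still referenced; the saturating counter trades that for a memory leak.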

To exploit the hole, an attacker would simply need to establish low-privileged access to an affected system. On an Android phone, this could be by way of an Android mobile application. In a more traditional environment, it might require physical or logical access to the system. Once logged in with low privileges, the vulnerability could be used to escalate the user’s privileges, gaining administrator level access to the vulnerable system.

Perception Point has coordinated with leading Linux distributions to patch the issue, including Red Hat, which issued two patches addressing the kernel vulnerability early Tuesday. Red Hat rated the issue “moderate.” The company also published an analysis of the flaw including proof of concept code.

Security flaws in core components of the Linux operating system have the potential to affect a wide range of devices, as more companies turn to the open source operating system to power connected devices.

 
