• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Linux kernel vulnerability leaves Android users exposed to attacks for years

Updated on Jan 21, 2016 by Guest Authors

Users of Android mobile devices and Linux-based computers have had three years of risky experience with their devices as security researchers at Perception Point discovered a critical vulnerability in the Linux kernel that attackers could have used to their advantage to penetrate those devices.

The Linux vulnerability was caused by an anomaly in what is called the kernel keyring facility and has enabled applications that operate under a local user to perform code execution in the Linux kernel. This has allowed any attacker who has access to a number of accounts on a Linux environment to expand their authority and root the device.

android-flaws

As the foundation of all operating systems built based on Linux, the Linux kernel’s keyring storage hides sensitive data like authentication and encryption within the facility in order to protect it from other users who have no authority to gain access to it.

According to the Perception Point researchers, they were able to determine a tricky path toward overwriting a keyring object with malicious files in order to execute the object after setting it free from its state as a still-referenced object. This vulnerability began to manifest itself in the version 3.8 of kernel, according to the researchers.

Although Linux plans to release updates intended to fix the vulnerability in its kernel, there will remain a number of related flaws such that automatic updates will be disabled on several Linux-based servers. One way to avoid getting tangled in such a dilemma is for system administrators to assess whether or not an update must be deployed. It will also prevent delays in critical software patches.

While Android devices are the most commonly known victims of this flaw, all other Linux-based architectures are in fact as much affected. If your system runs the kernel version that has been released more than three years ago, you are certainly exposed to attacks due to this flaw.

In the case of Android, affected versions include the Android 4.4 KitKat and later iterations of Google’s mobile operating system. That means nearly 7 out of 10 Android users are affected by the vulnerability.

And there is a lingering problem for users who wish to get immediate patches for any security flaws. Android has been known to have a massively diverse ecosystem, thus making it hard to roll out updates fast. Many users of Android will likely never get a patch for this particular vulnerability because of the fragmentation in Android, according to security researchers. That is so because majority of Android devices get software updates only for the first 18 months before these handsets are detached permanently from the support system.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

TORRAS COOLIFY 2S Neck Air Conditioner Review – A Revolution in Personal Comfort

FLIR ONE Pro Review – A Must-Have Thermal Camera for Homeowners

OAK & IRON Wave Electric Outdoor Inflator Review

Carepod One MS031S2 Cool Mist Humidifier Review – The Sleek and Effective Solution for Dry Air

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • TORRAS COOLIFY 2S Neck Air Conditioner Review – A Revolution in Personal Comfort
  • Celebrate Mother’s Day with BLUETTI’s Portable Power Solutions
  • Best Oral-B Alternative: Bitvae R2 Electric Toothbrush Review
  • Prevent Tooth Decay & Gum Disease with Bitvae C2 Water Dental Flosser

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}