[colug-432] CVE-2016-0728: OS keyring vulnerability?

Rick Hornsby richardjhornsby at gmail.com
Tue Jan 19 19:00:36 EST 2016

"The Perception Point Research team has identified a 0-day local privilege escalation vulnerability in the Linux kernel. While the vulnerability has existed since 2012, our team discovered the vulnerability only recently, disclosed the details to the Kernel security team, and later developed a proof-of-concept exploit. As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets)."

Ars writeup: http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/
Detail: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

The Perception Point post is well written, but I didn't understand all of it.  This seems bad.  Maybe it's not remotely exploitable by itself, but perhaps in concert with some other lesser privilege vulnerability it could be?

More information about the colug-432 mailing list