CVE-2016-0728 — Serious Vulnerability in Linux Kernel 3.8+

CVE-2016-0728 — Serious Vulnerability in Linux Kernel 3.8+

Information has been released about a new vulnerability in the Linux kernel versions 3.8 and above, allowing attackers to escalate privileges—gaining superuser rights by executing special code with regular user permissions.

Many modern distributions are susceptible, including:

• Red Hat Enterprise Linux 7
• CentOS 7
• Debian 8
• SUSE Linux 12
• Ubuntu Linux 14.04 LTS
• Ubuntu Linux 15.04

Both server and workstation versions are affected. Additionally, many Android users are at risk.

The seriousness of this vulnerability cannot be underestimated. Although an attacker must execute arbitrary code to gain access, such code can be triggered by exploiting outdated content management systems or unpatched applications, enabling complete control of the system. This could lead to data breaches or using the compromised system for further attacks.

How to Update the System

To secure your system:

For RHEL family systems (CentOS, Fedora):

yum update
reboot

For Debian or Ubuntu:

apt-get update && sudo apt-get upgrade
reboot

Don’t forget to update content management systems and enforce strong passwords to protect your data.

Additional Information

• ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)
• How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728
• A vulnerability found in the Linux kernel allows gaining superuser rights
• Zero-Day Flaw Found in ‘Linux Kernel’ leaves Millions Vulnerable