A patch for a critical Linux kernel flaw, present in the code since 2012, was pushed out this week.The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added.
???It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,??? Yevgeny Pats, cofounder and CEO of Perception Point. ???With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon the patch is out.???
Pats said an attacker would require local access to exploit the vulnerability on a Linux server. A malicious mobile app would get the job done on an Android device (Kit-Kat and higher), he said. Pats added that exploitation of the flaw is fairly straightforward, but it’s unknown whether it’s been attacked to date.