Google refute scale Linux kernel vulnerabilities

A vulnerability in the Linux kernel, which was announced a few days ago, affects many devices based on Linux, including Android. When Perception Point reported an exploit, the report stated that it was affected by the 66% Android-devices. Googler Adrian Ludwig believes otherwise.

Google refute scale Linux kernel vulnerabilities

This exploit is entirely dependent on the configuration of the flag called CONFIG_KEYS, which is present in all Linux kernels starting with 3.8. It can be used by an attacker to obtain root-access. But in the recommendations of the core Android CONFIG_KEYS disabled, so not many manufacturers can expose vulnerabilities device.

Ludwig says that the Nexus devices are not susceptible to attack, and other devices running Android 5.0 or higher must also be protected. A potential problem can arise on older devices running Android 4.4 or lower, which is activated CONFIG_KEYS.

Despite this, the company has developed a patch for the vulnerability CVE-2016-0728 and is investigating the issue to determine the true extent of the problem. The patch will be included in the March security update for all devices with this patch are protected from the exploit.

Bookmark the permalink.

Leave a Reply