Google Patches the Linux Kernel Exploit in Android, Believes Impact is Exaggerated
A zero-day vulnerability in the Linux kernel was disclosed earlier this week by Perception Point and Red Hat. Google has now released the patch for Android Linux vulnerability, but doesn’t believe that many Android devices are at risk.
Android Linux vulnerability patched, doesn’t affect many devices:
Google has prepared a patch for Android addressing a Linux kernel vulnerability, but the tech giant believes that the number of affected devices is much smaller than initially reported. Perception Point who disclosed the vulnerability had claimed that 66% of Android devices were affected. “Linux bug imperils tens of millions of PCs, servers, and Android phones,” ArsTechnica had reported. Google’s Adrain Ludwig now says that the actual number of affected devices is much smaller. The exploit, dependent on CONFIG_KEYS, has been present in all Linux kernels since 3.8. However, the recommended configuration for the Android Linux has the CONFIG_KEYS disabled, making quite a fewer Android devices at risk.
The exploit could be used by a hacker to gain root access of an Android device, but it requires a lot of processing time. Ludwig says that Android 5.0 and higher versions are safe thanks to SELinux which prevents third-party apps from interacting with the kernel. Moreover, he also says that Nexus devices are not affected. The risk then comes down to Android devices running on Android 4.4 and have CONFIG_KEYS enabled.
We believe that no Nexus devices are vulnerable to exploitation by 3rd party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code. Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in linux kernel 3.8, as those newer kernel versions not common on older Android devices. – Adrian Ludwig
Perception Point claims that while SELinux is more difficult to exploit the vulnerability, however, the protection can still be bypassed.
Google is investigating the issue to further determine the scale of the risk. The company has prepared the patch and released it to open source and partners today. The CVE-2016-0728 patch will be rolled out in the March security update.