Linux Kernel Vulnerability

Number: AL16-002
Date: 19 January 2016

Purpose

The purpose of this alert is to bring attention to a recently disclosed vulnerability in the Linux kernel.

Assessment

CCIRC is aware of a recently disclosed vulnerability in the Linux kernel. Identified as CVE-2016-0728, this vulnerability can allow privilege escalation in the Linux kernel environment.

CVE Reference: CVE-2016-0728
Affected Kernel Version: 3.8 and higher

Suggested action

Due to the potential risk presented by this vulnerability, CCIRC recommends that system administrators watch for vendor-released updates of affected Linux kernel versions.

References

Proof of Concept:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728

Red Hat Bug Report:
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
