Number: AL16-002
Date: 19 January 2016
Purpose
The purpose of this alert is to bring attention to a recently disclosed vulnerability in the Linux kernel.
Assessment
CCIRC is aware of a recently disclosed vulnerability in the Linux kernel. Identified as CVE-2016-0728, this vulnerability can allow privilege escalation in the Linux kernel environment.
CVE Reference: CVE-2016-0728
Affected Kernel Version: 3.8 and higher
Suggested action
Due to the potential risk presented by this vulnerability, CCIRC recommends that system administrators watch for vendor-released updates for affected Linux kernel versions.
References
Proof of Concept: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
Red Hat Bug Report: https://bugzilla.redhat.com/show_bug.cgi?id=1297475