Wind River Support Network

HomeSafety and Security NoticesWind River Security Alert for CVE-2016-0728
Recommended

Wind River Security Alert for CVE-2016-0728

Released: Jan 21, 2016     Updated: Jan 25, 2016

Summary

Wind River Security Alert for CVE-2016-0728


Affected Product Versions

Wind River Linux 5

Downloads


Defects


CVEs


Description

=========


http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728 says:


Perception Point Research team has identified a 0-day local privilege escalation vulnerability in the Linux kernel. While the vulnerability has existed since 2012, our team discovered the vulnerability only recently, disclosed the details to the Kernel security team, and later developed a proof-of-concept exploit. As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets). While neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible.


Solution:

=======

This issue only effect on WRL6, 7 and 8. WRL5 and earlier releases are not affected.


We will fix this vulnerability in WRLinux 6.0.0.28/7.0.0.13/8.0.0.2


In the meantime, you can apply the source patch 0001-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch.


Live chat
Online