CVE-2016-0728

Published: 08/02/2016 Updated: 10/11/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 745
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel prior to 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Vulnerable Products

google android 6.0.1

google android 5.0

google android 4.4.3

google android 4.2.1

google android 4.2

google android 5.1.0

google android 5.1

google android 4.4

google android 4.3.1

google android 4.0.4

google android 4.0.3

google android 5.0.2

google android 5.0.1

google android 4.3

google android 4.2.2

google android 4.0.2

google android 4.0.1

google android 4.0

google android 6.0

google android 5.1.1

google android 4.4.2

google android 4.4.1

google android 4.1.2

google android 4.1

hp server migration pack

linux linux kernel

Vendor Advisories

The system could be made to crash or run programs as an administrator ...
A potential security vulnerability has been identified with certain HP Thin Clients running ThinPro OS. The vulnerability could be exploited locally resulting in elevated privileges ...
Perception Point Research identified (http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/) a use-after-free vulnerability, representing a local privilege escalation vulnerability in the Linux kernel. Their post contains a detailed analysis of the bug. kernel-4113-1 ...
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service. CVE-2013-4312: Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit leading to denial-of-service conditions. CVE-2015-7566: Ralf Spenneberg of OpenSource Se ...
Security Advisory ID: SYMSA1349 | Initial Publication Date: 25 Feb 2016 | Advisory Status: Open | Advisory Severity: High | CVSS Base Score: CVSS v2: 7.2 | Legacy ID: SA112 ...
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49H or later and Android M with Security Patch Level of March 01, 2016 or later address these issues. Ref ...
Oracle Linux Bulletin - January 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...

Exploits

/* # Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings # Date: 19/1/2016 # Exploit Author: Perception Point Team # CVE : CVE-2016-0728 */ /* $ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wall */ /* $ ./cve_2016_072 PP_KEY */ /* EDB-Note: More information ~ perception-point.io/2016/01/14/analysis-and-exploitation ...
/* # Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings # Date: 19/1/2016 # Exploit Author: Perception Point Team # CVE : CVE-2016-0728 */ /* CVE-2016-0728 local root exploit modified by Federico Bento to read kernel symbols from /proc/kallsyms props to grsecurity/PaX for preventing this in so many ways $ gcc cve_20 ...

Mailing Lists

Linux kernel versions 4.4.1 and below REFCOUNT overflow / use-after-free keyrings local root exploit ...
Linux kernel REFCOUNT overflow / use-after-free in keyrings exploit ...

Github Repositories

cve-2016-0728 exploit and summary

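CVE-2016-0728 Seccamp 2017 assignment: The following program exploits a vulnerability present in Linux kernels 3.8 to 4.4. Explain the malfunction that occurs when this program is run. Also, write an exploit that performs root privilege escalation by further abusing this vulnerability, and the operating environment you tested it in and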

Zabbix public templates A place for community driven integrations with Zabbix This repository is dedicated to templates that are created and maintained by Zabbix community How to use templates from this repository? Download and import a template into the supported Zabbix version Configure the template according to the configuration requirements Configure a host with templa

cve-2016-0728 Analysis of cve-2016-0728

A collection of code pertaining to CVE-2016-0728 (various authors)

cve: A collection of code pertaining to CVE-2016-0728 (various authors) Excerpts from Linux, showing the evolution and fix of the bug Exploit code from Perception Point with added comments that explain what each line does A short script that uses the leak to increment usage count, useful for determining whether the bug exists on your system A version of the exploit that bypa

Zabbix public templates A place for community driven integrations Here you can find Zabbix templates that are being supported by the vast and large Zabbix community Contributing There are many good ways to contribute to community Zabbix templates and integrations Fix and report bugs Improve documentation Review templates and feature proposals Answer questions and discuss her

Enterprise Linux Exploit Mapper

Elem Welcome to the Enterprise Linux Exploit Mapper The purpose of the elem tool is to assist with assessments known exploits on an enterprise Linux host Initially the STRIDE threat scoring model will be used though this tool is designed to support additional models Requirements There are two components necessary to use all the features of elem The elem repository: https

CVE-2016-0728

Linux Exploit Mapper correlates CVEs local to a Linux system with known exploits

LEM Welcome to the Linux Exploit Mapper The purpose of the lem tool is to assist with assessments known exploits on a Linux host Initially the STRIDE threat scoring model will be used though this tool is designed to support additional models Requirements There are two components necessary to use all the features of lem The lem repository: githubcom/redteam-proje

Document on Linux Kernel Vulnerability CVE-2016-0728 and Exploitation

Linux-Vulnerability-CVE-2016-0728-and-Exploit Document on Linux Kernel Vulnerability CVE-2016-0728 and Exploitation -References- perception-point.io/resources/research/analysis-and-exploitation-of-a-linux-kernel-vulnerability/ gist.github.com/PerceptionPointTeam/e9b47cf6a7240ac7b8c5#file-process_keys-c gist.github.com/PerceptionPointTeam/3864cf0c2a77f7eb

Kernel-Security

Kernel Driver mmap Handler Exploitation The fun of Windows kernel pool spraying cve-2016-6187-heap-off-by-one-exploit Exploiting on CVE-2016-6787 Analysis and exploitation of Linux kernel vulnerability CVE-2016-0728 Linux kernel privilege escalation vulnerability hidden for 11 years disclosed CVE-2017-5123 Linux kernel v413 (Disable SELinux) Exploiting Windows 10 Kernel Drivers - Stack Overflow Making something out of Zeros: Alternative

exploit about privilege CVE list reproduce the vulnerabilities successfully CVE-2019-14287 sudo CVE-2019-14287 CVE-2016-5195 dirtycow CVE-2015-1328 CVE-2015-8660 overlayfs CVE-2017-0359 ntfs-3g local privilege escalation to root CVE-2016-8655 'AF_PACKET' Race Condition Privilege Escalation, chocobo_root cannot reproduce the vulnerabilities CVE-2016-0728 REFCOUNT O

kernelpop kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts example of enumeration to root NOTE: Since it seems like this project is getting some clones / views, I should say this is a work in progress I'm taking class and working fulltime so getting programming time is sporadic That said, I am actively maint

kernel privilege escalation enumeration and exploitation framework

kernelpop kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation on the following operating systems: Linux Mac It is designed to be python version-agnostic, meaning that it should work with both python2 and python3 please let me know if you find that it doesn't example of enumeration to root (Linux) ways to use run

linux-kernel-exploits Introduction linux-kernel-exploits Vulnerability list #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits Introduction linux-kernel-exploits Vulnerability list #CVE  #Description  #Kernels CVE-2018-1000001  [glibc] (glibc <= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-16995  [Memory corruption caused by BPF verifier] (Linux kern

linux-kernel-exploits Introduction linux-kernel-exploits Vulnerability list #CVE  #Description  #Kernels CVE-2018-18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE-2018-1000001  [glibc] (glibc <= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

What's this This project is mainly used to collect the exp for Linux platform privilege promotion, only to help penetration testers quickly achieve privilege promotion in actual combat Information CVE ID Description Kernels CVE-2004-0077 Linux Kernel 2420, 2224, 2425, 2426, 2427 CVE-2004-1235 Linux Kernel 2429 CVE-2005-0736 Linux Kernel 265, 267,

Linux kernel EoP exp

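linux-kernel-exploits Introduction: Builds on the GitHub project github.com/SecWiki/linux-kernel-exploits by adding privilege escalation exploits from recent years; the information collected about each vulnerability is in the Readme.md under the corresponding vulnerability folder. During red team attacks, the script github.com/mzet-/linux-exploit-suggester/blob/master/linux-exploit-suggester.sh can be used to assess which privilege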

Great article related to Linux kernel fuzzing and exploitation

Linux-Kernel-exploit Great article related to Linux kernel fuzzing and exploitation Pull requests are welcome Books 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani Exploitation techniques 2017: "New Reliable Android Kernel Root Exploitation Techniques" [slides] 2017: "Unleashing Use-Before-Initializati

linux-kernel-exploits Collection of Linux platform privilege escalation vulnerabilities

Localroot-ALL-CVE~

Localroot Collection Linux 2001 // CVE N/A | Sudo prompt overflow in v157 to 165p2 2002 // CVE-2003-0961 | Linux Kernel 2422 - 'do_brk()' Local Privilege Escalation 2003 // CVE-2003-0127 | Linux Kernel 22x/24x (RedHat) - 'ptrace/kmod' Local Privilege Escalation CVE-2003-0961 | Linux Kernel 2422 - 'do_brk()' Local Privilege Es

Linux Elevation (continuously updated)

Linux Elvation This project is for Linux Elvation Vulnerable list #CVE  #Description  #Kernels CVE-2021-3156[Sudo 182 - 1831p2 Sudo 190 - 195p1] CVE-2020-9470[Wing FTP Server 625 - Privilege Escalation] CVE-2020-8635[Wing FTP Server 623 - Privilege Escalation] CVE-2020-8835[Linux Kernel 54 or Linux Kernel 54] CVE-2019-7304 [2342ubuntu01 or 23

Linux Elevation (continuously updated)

Linux Elvation This project is for Linux Elvation Vulnerable list #CVE  #Description  #Kernels CVE-2020-9470[Wing FTP Server 625 - Privilege Escalation] CVE-2020-8635[Wing FTP Server 623 - Privilege Escalation] CVE-2020-8835[Linux Kernel 54 or Linux Kernel 54] CVE-2019-7304 [2342ubuntu01 or 2355+18101] CVE-2019-13272 [Linux kernel before 5117]

A bunch of links related to Linux kernel exploitation

Linux Kernel Exploitation Some exploitation methods and techniques are outdated and don't work anymore on newer kernels Pull requests are welcome Books 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani Exploitation techniques 2018: "Linux-Kernel-Exploit Stack Smashing" [article] 2018, HitB: "Mirror

Not ready yet

Linux Kernel Exploitation Pull requests are welcome Books 2014: "Android Hacker's Handbook" by Joshua J Drake 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani Workshops 2020: "Android Kernel Exploitation" by Ashfaq Ansari [workshop] Exploitation Techniques 2020: "Structures that can be u

satellite-host-cve A script to list CVEs that are either installable or applicable for a host (or all hosts) within one organization Although Satellite6 gives a nice way to handle errata, there are customers who need to have a view based on CVEs and not on security errata What does code do It lists all CVEs for a host, mapped across its lifecycle path

linux-kernel-exploitation Books 2014: "Android Hacker's Handbook" by Joshua J Drake 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani Workshops 2020: "pwncollege: Module: Kernel Security" [workshop] 2020: "Android Kernel Exploitation" by Ashfaq Ansari [workshop] Exploitation Techniqu

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

LinuxFlaw This repo records all the vulnerabilities of linux software I have reproduced in my local workspace If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name All the vulnerable source code packages are stored in source-packages Vmware Workstation Images Image Name username password Ubuntu 810 exploit exploit Ubuntu 1004LTS

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Google Fixes Critical Android Mediaserver Bugs, Again
Threatpost • Tom Spring • 07 Mar 2016

Google today patched two critical holes in its problematic Android Mediaserver component which would allow an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. With this latest vulnerability, Google has patched its Mediaserver more than two dozen times since the Stagefright vulnerability was discovered in August.
The patch is part of Google’s monthly over-the-air security update for Android Nexus devices. In total, Google identified 16 vuln...

Google Challenges Number of Android Devices Affected by Linux Flaw
Threatpost • Michael Mimoso • 21 Jan 2016

Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated.
The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially, startup Perception Point said that upwards of two-thirds of Android devices would be affected by the vulnerability. The flaw, introduced into the Linux source code in 2012, could be abused by a lo...

How to get root on a Linux box, step 1: Make four billion system calls
The Register • Richard Chirgwin • 19 Jan 2016

Step 2: ??? Step 3: /#

Oh look, it's another Linux kernel bug that allows a local user to escalate themselves to root.
In exploiting CVE-2016-0728, discovered by Perception Point, “patience you must have,” because you have to cycle a 32-bit integer in the kernel around to zero. That means making 4,294,967,296 system calls to exploit the vulnerability.
Patches have been issued for affected distributions, which nixCraft lists as:
So, get updating your systems.
The problem exists in kernels co...

Serious Linux Kernel Vulnerability Patched
Threatpost • Michael Mimoso • 19 Jan 2016

A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today.
The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added.
“It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,” Yevgeny Pats, cofounder and CEO of Percepti...

References

NVD-CWE-Other
http://www.openwall.com/lists/oss-security/2016/01/19/2
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
http://source.android.com/security/bulletin/2016-03-01.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/81054
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
https://bto.bluecoat.com/security-advisory/sa112
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
http://rhn.redhat.com/errata/RHSA-2016-0065.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
http://www.ubuntu.com/usn/USN-2870-2
http://www.ubuntu.com/usn/USN-2872-1
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://www.debian.org/security/2016/dsa-3448
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
http://www.ubuntu.com/usn/USN-2872-3
http://rhn.redhat.com/errata/RHSA-2016-0064.html
http://www.ubuntu.com/usn/USN-2871-2
http://www.ubuntu.com/usn/USN-2870-1
http://www.ubuntu.com/usn/USN-2873-1
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
http://www.ubuntu.com/usn/USN-2871-1
https://www.exploit-db.com/exploits/39277/
http://www.ubuntu.com/usn/USN-2872-2
http://www.securitytracker.com/id/1034701
https://security.netapp.com/advisory/ntap-20160211-0001/
https://usn.ubuntu.com/2871-1/
https://nvd.nist.gov