Why Should This Issue Be Considered Important?
Since this issue has existed since 2012 but has only recently been discovered, the number of affected Linux and Google Android systems is very high (most likely millions of servers and workstations), as well as any Android device running version 4.4 (KitKat) or older. A more comprehensive list of affected devices is available in this blog post by Liquid Web.
The vulnerability exists in the keyrings feature of the kernel, which is used to manage encryption keys, authentication keys, etc. within Linux. The issue is caused by an integer overflow (defined here), which can then be used to trigger a use-after-free. In addition, Perception Point, in their detailed blog post on this issue, describe it as fairly easy to exploit. Red Hat also mentions that there is no workaround available for this issue.
How Can I Protect Myself From This Issue?
Details of how to check whether your Linux device is vulnerable to this issue are provided in the previously mentioned blog post by Liquid Web. They also provide steps for updating your Red Hat and CentOS devices.
Perception Point mentions that security mitigations such as SMEP (Supervisor Mode Execution Protection, also discussed here) and SMAP (Supervisor Mode Access Prevention) will make exploitation of this issue more difficult.
If your Linux device is found to be vulnerable, continue to check for updates until one becomes available that resolves this issue. You can check for updates by using the package manager bundled with your Linux distribution (see this link (Debian) and this link (Ubuntu), which should assist you in using the package manager for your distribution).
Specific information for some of the affected versions of Linux is provided below:
- RedHat (blog post with FAQ also provided)
- SUSE (knowledge base article and mailing list threads here and here)
- Google Android (my thanks to LiquidWeb for this convenient link)
A very useful tutorial for updating your Linux system against this specific issue (covering a larger number of distributions) is located here. Once the update is installed, you will need to restart/reboot the Linux device for the update to take effect.
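A kernel update is not active until the system has booted into the new kernel, so a machine can show the fixed package as installed while still running the vulnerable one. The following POSIX shell check, added here as an example and not taken from the original post or any vendor tooling, compares the running release (`uname -r`) with the kernel images installed under `/boot` and reports whether that reboot is still pending; it assumes the images are named `/boot/vmlinuz-<release>` with release strings in the same form as `uname -r`.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the kernel
# that was installed by the update is actually the one running.
# Assumption: /boot/vmlinuz-<release> names use the same release format
# as `uname -r` (e.g. 3.10.0-327.4.5.el7.x86_64 or 4.4.0-62-generic).

# Reduce a release string to its numeric components, dropping the distro
# suffix: "3.10.0-327.4.5.el7.x86_64" -> "3 10 0 327 4 5 "
numeric_fields() {
    printf '%s' "$1" | sed 's/[^0-9.-].*//' | tr -c '0-9' ' ' | tr -s ' ' | sed 's/^ //'
    printf ' '   # guarantee at least one delimiter for cut
}

# Return 0 (true) if release $1 is older than release $2, comparing numeric
# components left to right; a missing component counts as 0.
release_older_than() {
    a=$(numeric_fields "$1"); b=$(numeric_fields "$2"); i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d' ' -f"$i")
        y=$(printf '%s' "$b" | cut -d' ' -f"$i")
        [ -z "$x" ] && [ -z "$y" ] && return 1   # all components equal
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
}

# Print the newest release among the arguments.
newest_release() {
    best=""
    for r in "$@"; do
        if [ -z "$best" ] || release_older_than "$best" "$r"; then best="$r"; fi
    done
    printf '%s' "$best"
}

# $1 = running release, $2.. = installed releases. Return 0 if a reboot is pending.
reboot_pending() {
    running="$1"; shift
    newest=$(newest_release "$@")
    if release_older_than "$running" "$newest"; then
        echo "running $running but $newest is installed: reboot to activate the update"
        return 0
    fi
    echo "running $running is the newest installed kernel"
    return 1
}

# Live use on a real host (uncomment); the constructed values below run anywhere.
# reboot_pending "$(uname -r)" $(ls /boot/vmlinuz-* | sed 's#.*/vmlinuz-##')
reboot_pending "3.10.0-327.el7.x86_64" "3.10.0-327.el7.x86_64" "3.10.0-327.4.5.el7.x86_64"
```

A non-zero exit from `reboot_pending` means the running kernel is the newest one installed, which is the state you want to see after applying the update and rebooting.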