Critical Code Execution bug on Linux Silently Fixed - Root Level
A high severity security bug dubbed as CVE-2016-10229 exposes machines and gizmos to attacks via UDP network traffic.
Any software receiving data using the system call recv() with the MSG_PEEK flag set on a vulnerable kernel opens up the box to potential hijacking. The hacker would have to craft packets to trigger a second checksum operation on the incoming information, which can lead to the execution of malicious code within the kernel, effectively as root.
There is a good news that, there is no evidence of exploitation of the bug in wild. But Programs from the Nginx web server and wget to the Mirai botnet code and various others set the MSG_PEEK flag on some connections, leaving the underlying machine open to attack if the kernel is vulnerable.
Eric had already applied a short fixed on open source Linux kernel. But Google had released the patch this year for Android. Vendor like Samsung, LG had also issued a patch for it's devices.
This remote kernel-level code execution vulnerability in Linux, which sounds like the worst of the very worst, but it is pretty much patched by now. 😀
Now just update your kernel to get it fixed from this worst situation.