Skip to main content
  1. Home
  2. Computing
  3. News

A serious Linux privilege-escalation bug has been in the wild for nine years

Mark Coppock
By

best linux distros
Spectral-Design/Shutterstock
There’s a Linux vulnerability in the wild that’s apparently been residing in just about every Linux version for the last nine years, and Linux users will want to install a patch as soon as possible.

The exploit is titled CVE-2016-5195, and it’s a privilege-escalation bug as opposed to a code-execution vulnerability, as Ars Technica reports. That makes it theoretically less serious, but nevertheless, researchers aren’t taking it lightly. In part, it’s considered a serious threat because it resides in a Linux kernel section that’s used by almost all Linux distributions. And the bug is apparently being actively used by malicious parties in the real world.

According to Dan Rosenberg, senior researcher at Azimuth Security, “It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” As of right now, Linux distributions are in various stages of receiving patches, after an official patch was developed by the official Linux kernel maintainers.

The exploit in question is one that can allow an attacker to gain greater levels of control over a targeted machine. For example, a user with otherwise limited access to a web-hosting provider’s server can use the exploit to gain deeper shell access, and then leverage that access to attack other users of the server or even server admins. Privilege-escalation vulnerabilities can also be combined with other exploits, such as SQL injection bugs, to run malicious code that they would normally be unable to execute.

Linux developer Phil Oester was the first to discover the bug, as indicated on a site that provides more information on the exploit. For now, you’ll want to check in with the maintainers of your particular Linux distribution and see if a patch is available. If it is, then you’ll want to apply it immediately to avoid seeing your Linux system suffer an attack.

Editors' Recommendations

This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.
Instagram is building a ‘nudity protection’ tool for your DMs
Instagram app on the Google Play Store on an Android smartphone.
Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.
Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
Cooler Master’s new quantum dot mini-LED gaming monitors look incredible
Cooler Master 27-inch Tempest gaming monitors were announced today and will release later this year.
AMD Ryzen 7000 vs. Intel Raptor Lake
AMD Ryzen processor render.
Dell’s best work-from-home laptop is over $600 cheaper today
The Dell Vostro 3510 laptop with a nature scene on the display.
Creative’s Katana V2X PC soundbar promises the same sound in a smaller footprint
A render of the Katana V2X against a dark background.
Best Prime Day Laptop Deals: What to expect from the second sale
Prime Day 2022 laptop deals graphic.
Tesla set to unveil working humanoid robot for the first time on September 30
The Tesla Suit Optimus with a black background.
MNT Pocket Reform is a complete Linux laptop in 7 inches
MNT Pocket Reform is a complete laptop in 7 inches.
If the Mac gets a Dynamic Island, I’m not sure I want it
A mockup of a MacBook Pro with an iPhone-style Dynamic Island replacing the menu bar at the top of the screen.
Grab this Lenovo ThinkPad laptop deal and save over $1,400!
The ThinkPad X1 Carbon Gen 10 laptop, opened with a colorful wallpaper on the screen.