How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728

Very serious security problem has been found in the Linux kernel. Local privilege escalation vulnerability has existed since 2012. This bug affects millions of Android or Linux applications to escalate privileges. Any server or desktop (32 or 64 bit) with Linux Kernel version 3.8+ is vulnerable. How do I fix this problem?

What is CVE-2016-0728 bug?

As per the original research post:

CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let’s cover some background required to understand the bug. It can successfully escalates privileges from a local user to root.

A list of affected Linux distros

Is my Linux distro version affected by CVE-2016-0728? The “Possible use-after-free vulnerability in keyring facility, CVE-2016-0728” are as follows:

Red Hat Enterprise Linux 7
CentOS Linux 7
Scientific Linux 7
Debian Linux stable 8.x (jessie)
Debian Linux testing 9.x (stretch)
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
Ubuntu Linux 14.04 LTS (Trusty Tahr)
Ubuntu Linux 15.04 (Vivid Vervet)
Ubuntu Linux 15.10 (Wily Werewolf)
Opensuse Linux LEAP and version 13.2

How do I fix CVE-2016-0728 on Linux?

Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version:

# uname -a
Linux 3.10.0-123.20.1.el7.x86_64 #1 SMP Thu Jan 29 18:05:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# uname -mrs
Linux 3.10.0-123.20.1.el7.x86_64 x86_64

On Debian/Ubuntu:

# apt-get update && apt-get upgrade && apt-get dist-upgrade

After update is finished reboot the server.

On RHEL/Centos 7:

Run following command as soon as package to fix this vulnerability is released. More details at Redhat page.

# yum update

Reboot server when update is completed.


In order to check if patching is successful please compare your kernel version with the one before.