A local privilege escalation vulnerability is found in the Linux kernel 3.8 or later. A memory leak flaw exists in the Linux keyrings facility that manages key security data, authentication details and encryption keys could be exploited to expose cached sensitive information. A local attacker could obtain root privilege by running a specially crafted application locally.
Successful exploitation could lead to elevation of privilege or compromise of a vulnerable system.
The vulnerability is fixed in some of the Linux distributions. Linux system administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk. Lists of affected Linux distribution and fixed version are available in the following URL:
http://www.cyberciti.biz/faq/linux-cve-2016-0728-0-day-local-privilege-escalation-vulnerability-fix/
Android users are advised to stay alert on the availability of patches from related mobile manufacturers. As interim measures as well as security best practices, users are reminded not to visit suspicious websites, nor follow URL links or download apps from un-trusted sources, emails or instant messages to avoid malware infection by malicious websites or phishing emails.
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
http://www.cyberciti.biz/faq/linux-cve-2016-0728-0-day-local-privilege-escalation-vulnerability-fix/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
https://www.suse.com/security/cve/CVE-2016-0728.html
https://access.redhat.com/security/cve/CVE-2016-0728
https://www.debian.org/security/2016/dsa-3448