A zero-day vulnerability in the Linux kernel was disclosed a few days ago, and that usually spells bad news for anything based on Linux. That includes Android, of course. When Perception Point announced the exploit (CVE-2016-0728), it claimed 66% of Android devices were affected. Google's Adrian Ludwig says the real number is much, much smaller.

This exploit is entirely dependent on a configuration flag called CONFIG_KEYS, which has been present in all Linux kernels since 3.8—that's probably where Perception Point gets its 66% figure. It could be used by an attacker to gain root access on a device, but it requires a lot of processing time. Importantly, the recommended configuration for the Android Linux kernel has CONFIG_KEYS disabled, so that's mostly moot.


Ludwig says Nexus devices aren't affected, and anything running Android 5.0 or higher should also be fine thanks to SELinux. That prevents third-party apps from interfacing with the kernel in the necessary way. The only potential issue is on older devices that are still running Android 4.4 or earlier, have Linux kernel 3.8 or newer, and have CONFIG_KEYS turned on. Phones with older Android builds based on the newer kernel are extremely rare (and probably won't get patched anyway).

Google has developed a patch for CVE-2016-0728 and is investigating the issue further to determine the true scale of the problem. The patch has been rolled into the March 1st security update. All devices with that patch level or later will be protected from the exploit. Better safe than sorry.