An unpleasant local kernel vulnerability
Perception Point discloses a use-after-free vulnerability in the kernel's keyring subsystem; it is exploitable for local privilege escalation. "If a process causes the kernel to leak 0x100000000 references to the same object, it can later cause the kernel to think the object is no longer referenced and consequently free the object. If the same process holds another legitimate reference and uses it after the kernel freed the object, it will cause the kernel to reference deallocated, or a reallocated memory. This way, we can achieve a use-after-free, by using the exact same bug from before. A lot has been written on use-after-free vulnerability exploitation in the kernel, so the following steps wouldn't surprise an experienced vulnerability researcher." This bug, introduced in 3.8, looks like a good one to patch quickly; of course, for vast numbers of users of mobile and embedded systems, that may not be an option.
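The following toy model is an added example, not kernel code or code from the disclosure. It shows why 0x100000000 is the significant figure and how a saturating counter defuses it. It assumes a 32-bit reference counter (implied by that figure); the `struct obj` type, its `held` ground-truth tally and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LEAKED 0x100000000ULL /* figure quoted in the article: 2^32 */

/* Toy refcounted object, constructed for this example (not kernel code). */
struct obj {
    uint32_t refs;    /* assumed 32-bit counter */
    uint64_t held;    /* ground truth: gets not yet matched by a put */
    bool saturating;  /* true = hardened counter that pins at its maximum */
    bool freed;
};

/* Take n references in one step (stands in for n separate gets). */
static void obj_get(struct obj *o, uint64_t n)
{
    uint64_t sum = (uint64_t)o->refs + n;

    o->held += n;
    if (o->saturating && sum >= UINT32_MAX)
        o->refs = UINT32_MAX;     /* pin at the ceiling instead of wrapping */
    else
        o->refs = (uint32_t)sum;  /* plain counter: wraps modulo 2^32 */
}

/* Drop one reference; the object is freed when the counter reaches zero. */
static void obj_put(struct obj *o)
{
    o->held--;
    if (o->saturating && o->refs == UINT32_MAX)
        return;                   /* saturated: leak memory, never free */
    if (--o->refs == 0)
        o->freed = true;
}

/* True if the object ends up freed while references are still outstanding. */
static bool freed_while_held(bool saturating)
{
    struct obj o = { .refs = 1, .held = 1, .saturating = saturating };

    obj_get(&o, 1);       /* counter reads 2 */
    obj_get(&o, LEAKED);  /* 2^32 more: a wrapping counter reads 2 again */
    obj_put(&o);          /* two ordinary releases drive a wrapped */
    obj_put(&o);          /* counter to zero, 2^32 references early */
    return o.freed && o.held > 0;
}

int main(void)
{
    printf("wrapping counter:   freed while held = %d\n", freed_while_held(false));
    printf("saturating counter: freed while held = %d\n", freed_while_held(true));
    return 0;
}
```

The saturating variant trades the use-after-free for a permanent memory leak of the one object, which is the safer failure mode.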