Reference 2: http://arstechnica.com/security/2016/01 ... id-phones/
Reference 3: https://plus.google.com/+AdrianLudwig/posts/KxHcLPgSPoY
Recently, security firm Perception Point discovered a vulnerability introduced in Linux kernel version 3.8, dubbed CVE-2016-0728. Be on the lookout for a patch in the near future.
The flaw, which was introduced into the Linux kernel in version 3.8 released in early 2013, resides in the OS keyring. The facility allows apps to store encryption keys, authentication tokens, and other sensitive security data inside the kernel while remaining in a form that can't be accessed by other apps. According to a blog post published Tuesday, researchers from security firm Perception Point discovered and privately reported the bug to Linux kernel maintainers. To demonstrate the risk the bug posed, the researchers also developed a proof-of-concept exploit that replaces a keyring object stored in memory with code that's executed by the kernel.