Now it seems the hole is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
Dan Rosenberg, a senior researcher at Azimuth Security, told Ars Technica that it was the most serious Linux local privilege escalation ever.
The underlying bug was patched this week by the maintainers of the official Linux kernel and downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important”.
Attacks exploiting this specific vulnerability were found by Linux developer Phil Oester who discovered it using an HTTP packet capture.
It took him less than five seconds to get total control.