Zero-day vulnerabilities discovered: 2
Privilege escalation
The vulnerability allows a local user to obtain elevated privileges on the target system.The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.
Software: Linux kernel
Links:
https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.9-rc2.tar.xz
https://dirtycow.ninja/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05352241
https://en.wikipedia.org/wiki/Dirty_COW
http://unix.stackexchange.com/questions/317981/dirty-cow-exploit-cve-2016-5195/318046
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
http://www.techinformant.in/dirty-cow-cve-2016-5195-vulnerability/
http://thehackernews.com/2016/10/linux-kernel-exploit.html
http://news.softpedia.com/news/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-l...
http://securityaffairs.co/wordpress/52521/hacking/dirty-cow-exploit.html
http://www.informationsecuritybuzz.com/expert-comments/dirty-cow-linux-vulnerability/
Use-after-free error
The vulnerability allows a local attacker to gain elevated privileges on the target system.The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January, 2016.
Software: Linux kernel
Links:
http://thehackernews.com/2016/01/linux-kernel-hacker.html
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-...
https://www.cyberciti.biz/faq/linux-cve-2016-0728-0-day-local-privilege-escalation-vulnerability-fix...
http://williamdurand.fr/2016/01/21/patching-linux-kernel-raspbian/
http://securityaffairs.co/wordpress/43758/hacking/linux-kernel-vulnerability-fixed.html
http://www.pcworld.com/article/3023870/security/linux-kernel-flaw-endangers-millions-of-pcs-servers-...
https://syslint.com/blog/tutorial/new-linux-kernel-zero-day-exploit-vulnerability-cve-2016-0728/
https://l3net.wordpress.com/2016/01/20/firejail-target-practice-cve-2016-0728/
https://threatpost.com/serious-linux-kernel-vulnerability-patched/115923/
http://www.securityweek.com/linux-kernel-flaw-puts-millions-devices-risk