Phil Oester is a network admin and security researcher who uncovered the flaw while capturing HTTP traffic on a server that seemed to have been hacked. He explained that this security issue has been around since 2007, and is now likely to become more widespread. Oester said:A kernel patch is already available and it's already patched on some of the major Linux distributions. The bad news is that there are millions of devices out there that will likely never receive an update for this, including the countless Android phones that receive no manufacturer updates.
The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8. As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.
Via: Neowin