The flaw is said to affect "tens of millions" of Linux PCs and servers, and most modern devices running the latest Android KitKat 4.4 software and later.
A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest "root" level is said to hit "tens of millions" of Linux PCs and servers.
Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices.
Israeli security firm Perception Point disclosed the flaw in a blog post Tuesday, but it wasn't immediately clear if the bug had been privately reported to Google, which develops the Android software.
Perception Point did not immediately return a request for comment.
The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher.