A recently disclosed vulnerability in version 3.14.5 of the Linux kernel is also present in most versions of Android. Researchers at Lacoon Mobile Security are calling the bug TowelRoot because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot) The vulnerability exists in Android version 4.4 and earlier, and is therefore present on nearly every commercial build, including the wildly popular Samsung Galaxy S5.
Source: https://threatpost.com/android-root-access-vulnerability-affecting-most-devices/106683/