color map copying bounds checking in kernel-drivers-video-fbdev CVE-2016-8405
Tracked by Jolla
(In progress)
asked 2017-05-03 12:18:43 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Android ID: A-31651010.
Patch is available.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/fbcmap.c lines 164-176; 188-202
edit 20171113: just a reminder...