Preserve the user r/w register TPIDRURW on context switch and fork in kernel-arch-arm CVE-2014-9870 remote
asked 2017-07-27 13:01:32 +0200
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. CVSS v3 Base Score: 7.8 (High) (attack range: remote)
Patch is available
files affected:
kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/include/asm/: thread_info.h, tls.h
kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/kernel/: entry-armv.S, process.c, ptrace.c, traps.c
@jovirkku this should have a "tracked by jolla" label
lpr (2017-09-19 09:37:37 +0200)