add missing access checks in kernel-arm-oabi_compat CVE-2016-3857 remote

Tracked by Jolla (Rejected)

asked 2017-10-06 15:17:06 +0200

updated 2017-10-06 15:17:06 +0200

lpr

The kernel in Android before 2016-08-05 allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

commit 7de249964f5578e67b99699c5f0b405738d820a2 upstream. Add access checks to sys_oabi_epoll_wait() and sys_oabi_semtimedop(). This fixes CVE-2016-3857, a local privilege escalation under CONFIG_OABI_COMPAT.

7.8 high (attack range: remote)

Kernel-3.2-Patch available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/kernel/sys_oabi-compat.c lines 275-282; 313-318

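The commit message quoted in the post describes adding access checks to two compat syscall wrappers. The following is an added example, a userspace C model and not the kernel patch or code from this page, of what such a check has to cover before any unchecked per-element copy runs: a bounded element count and a user-space range test that cannot wrap. The function names, the `MODEL_USER_LIMIT` value (a 3G/1G split is assumed) and the test addresses are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Assumption: 32-bit ARM, user space ends at 0xC0000000 (3G/1G split). */
#define MODEL_USER_LIMIT 0xC0000000u

/* Model of a kernel access check: [uaddr, uaddr + size) must lie in user
 * space. Phrased as a subtraction so that uaddr + size can never wrap. */
static int model_access_ok(uint32_t uaddr, uint32_t size)
{
    return size <= MODEL_USER_LIMIT && uaddr <= MODEL_USER_LIMIT - size;
}

/* Naive variant kept for contrast: both the multiply and the add wrap in
 * 32 bits, so a high address or a huge count can pass the comparison. */
int naive_check_user_array(uint32_t uaddr, uint32_t count, uint32_t elem_size)
{
    uint32_t end = uaddr + count * elem_size;   /* may wrap around */
    return end <= MODEL_USER_LIMIT ? 0 : -EFAULT;
}

/* Hardened variant: bound the count first, then check the whole range. */
int check_user_array(uint32_t uaddr, int32_t count, uint32_t elem_size)
{
    if (count <= 0 || elem_size == 0)
        return -EINVAL;
    if ((uint32_t)count > INT32_MAX / elem_size)
        return -EINVAL;             /* count * elem_size would overflow */
    if (!model_access_ok(uaddr, (uint32_t)count * elem_size))
        return -EFAULT;             /* range is not entirely user memory */
    return 0;
}
```
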