Revision history [back]
 | 1 | initial version | posted 2017-07-13 15:17:27 +0200  |
Validate ashmem memory with fops pointer in kernel-ashmem CVE-2016-5340 critical
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. CVSS v3 Base Score: 8.4 High Access Vector: Locally exploitable
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/staging/android/ashmem.c lines 779-787; 831-853
| | 2 | No.2 Revision |
Validate ashmem memory with fops pointer in kernel-ashmem CVE-2016-5340 critical
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. CVSS v3 Base Score: 8.4 High Access Vector: Locally exploitable
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/staging/android/ashmem.c lines 779-787; 831-853831-853 (at least in line 841\sbj in the patch .compat_ioctl = compat_ashmem_ioctl, has to be changed to .compat_ioctl = ashmem_ioctl, I suggest)