We have moved to a new Sailfish OS Forum. Please start new discussions there.

Revision history [back]

click to hide/show revision 1
initial version

posted 2017-10-06 15:17:06 +0200

lpr gravatar image

add missing access checks in kernel-arm-oabi_compat CVE-2016-3857 remote

The kernel in Android before 2016-08-05 allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

commit 7de249964f5578e67b99699c5f0b405738d820a2 upstream. Add access checks to sys_oabi_epoll_wait() and sys_oabi_semtimedop(). This fixes CVE-2016-3857, a local privilege escalation under CONFIG_OABI_COMPAT.

7.8high (attack range: remote)

Kernel-3.2-Patch available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/kernel/sys_oabi-compat.c lines 275-282; 313-318

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49