FPII-2075: Elevation of Privilege Vulnerability in Qualcomm Performance Component (Device Specific) CVE-2016-3768 ANDROID-28172137

An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.
Additional Technical Details:
ANDROID-28172137
(Qualcomm ref#: CR#1010644)
During a perf_event_enable, an event could be enabled on multiple hw_events. However, during the perf_release, the event struct is freed and only one hw_event is released. This could lead to dereferencing an invalid pointer and a use-after-free vulnerability.
The fix is designed to return an error in the case of event duplication.

Change-Id: I172b99af9b9729539a4d3eaea8156a2bf4b87a71
2 files changed
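
A simplified user-space model of the bookkeeping the commit message describes, added here as an illustration and not taken from the Qualcomm driver or from this patch. The struct names, slot count, `live` flag and `-EEXIST` return value are assumptions; freeing is modelled by a flag so the stale slot can be counted without touching freed memory.

```c
#include <errno.h>
#include <stddef.h>

#define NUM_SLOTS 4                 /* constructed number of hardware counters */

struct event { int idx; int live; };            /* live == 0 models a freed struct */
struct hw_events { struct event *slot[NUM_SLOTS]; };

/* Bind ev to the first free slot. With check_dup set, an event that already
 * owns a slot is rejected, which is the behaviour the fix describes. */
static int event_enable(struct hw_events *hw, struct event *ev, int check_dup)
{
    int i;

    if (check_dup)
        for (i = 0; i < NUM_SLOTS; i++)
            if (hw->slot[i] == ev)
                return -EEXIST;     /* error code chosen for this model */
    for (i = 0; i < NUM_SLOTS; i++)
        if (hw->slot[i] == NULL) {
            hw->slot[i] = ev;
            ev->idx = i;            /* only the latest slot is remembered */
            return i;
        }
    return -ENOSPC;
}

/* Release clears the single slot recorded in ev->idx, then "frees" ev. */
static void event_release(struct hw_events *hw, struct event *ev)
{
    hw->slot[ev->idx] = NULL;
    ev->live = 0;                   /* stands in for kfree(); memory stays valid here */
}

/* Enable one event twice, release it, and count slots left pointing at it. */
static int stale_slots_after_release(int check_dup)
{
    struct hw_events hw = { { NULL } };
    struct event ev = { -1, 1 };
    int i, stale = 0;

    event_enable(&hw, &ev, check_dup);
    event_enable(&hw, &ev, check_dup);  /* duplicate enable of the same event */
    event_release(&hw, &ev);
    for (i = 0; i < NUM_SLOTS; i++)
        if (hw.slot[i] != NULL && !hw.slot[i]->live)
            stale++;
    return stale;
}

int main(void) { return stale_slots_after_release(1); }
```

Without the duplicate check one slot keeps a pointer to the released event; with it, the second enable fails and release leaves the table empty.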