Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 2a7a7d52d68499ed56ed26f8b20d352c7a484577
commit2a7a7d52d68499ed56ed26f8b20d352c7a484577[log] [tgz]
authorc.wang <c.wang2@hi-p.com>Tue Jun 21 18:18:55 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Fri Aug 12 11:44:36 2016 +0200
tree8b8de4eb65a13d33ca198c320094a87fbce60d3e
parent4ae27e5d45dddba5c2d5a311b165eece5a721ce5 [diff]
FPII-2075:Elevation of Privilege Vulnerability in Qualcomm Performance Component (Device Specific) CVE-2016-3768 ANDROID-28172137

An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.
Additional Technical Details:
ANDROID-28172137
(Qualcomm ref#: CR#1010644)
During a perf_event_enable, an event could be enabled on multiple hw_events. However, during the perf_release, the event struct is freed and only one hw_event is released. This could lead to dereferencing the invalid pointer and Use-After-Free vulnerability.
The fix is designed to return an error in the case of event duplication.

Change-Id: I172b99af9b9729539a4d3eaea8156a2bf4b87a71
2 files changed
tree: 8b8de4eb65a13d33ca198c320094a87fbce60d3e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS