Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 4c3b7321fcc78edf1fcec011378d0cc9c14ad9ce
commit4c3b7321fcc78edf1fcec011378d0cc9c14ad9ce[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Tue Nov 22 16:31:48 2016 +0800
committerDirk Vogt <dirk@fairphone.com>Thu Feb 16 15:29:34 2017 +0100
treefbb62ffb698c2cfb01c5eee445d47d588ae9a399
parent5716608dfeec3ea81b14f16a669e6ad02955512b [diff]
FPII-2616: Information disclosure vulnerability in kernel components (device specific)
CVE-2016-8405 A-31651010

An information disclosure vulnerability in kernel components including the ION subsystem,
Binder, USB driver and networking subsystem could enable a local malicious application to
access data outside of its permission levels. This issue is rated as Moderate because it
first requires compromising a privileged process.

Additional technical details:

A-31651010
There is no validation of the to->start variable to check if it is negative leading to a potential information disclosure.

The fix is designed to add additional validation to prevent the potential information disclosure.

Change-Id: I21f04f107930a417b6ca876b8028c1465f0f90f2
1 file changed
tree: fbb62ffb698c2cfb01c5eee445d47d588ae9a399
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS