FPII-2615: Information disclosure vulnerability in kernel components (device specific)
CVE-2016-8404 A-31496950
An information disclosure vulnerability in kernel components including the ION subsystem, Binder,
USB driver and networking subsystem could enable a local malicious application to access data
outside of its permission levels. This issue is rated as Moderate because it first requires
compromising a privileged process.
Additional technical details:
Bug Details
A-31494725
A-31495231
A-31495348
A-31496950
A-31796940
A-31802656
The format specifier %p can leak kernel addresses.
The fix is designed to use %pK instead of %p, which also evaluates whether kptr_restrict is set.
Change-Id: I0519a15d56caf0368eeb24d727ab0ad78b53d34f
1 file changed