oss-sec mailing list archives

Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption


From: Daniel Micay <danielmicay () gmail com>
Date: Tue, 22 Mar 2016 19:00:04 -0400

Apparently, this vulnerability is being used to root older Android
devices, and as a result it has just been fixed for older Android:

Most new Android devices are also vulnerable to it. The Nexus 6, 9, 5X
and 6P use 3.10, while older devices like the Nexus 5 use 3.4. There
isn't a Nexus device with 3.18, only the Pixel C and very few third
party devices.

Google's kernels aren't based on the upstream stable branches and they
missed this fix. They've surely missed a lot more too.
