Date: Mon, 21 Sep 2015 13:57:49 -0400 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Further evidence that PaX/grsecurity are extremely important. CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin. The CVE-2015-1801 issues would have been caught by the ARM port of UDEREF in non-exploit usage. I'd guess that a port of UDEREF to an Android kernel would uncover more of these. It's sad that Samsung never addressed this. I guess they might now that there's a CVE, as vendors generally only backport security fixes when it becomes an image problem. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ