Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Mar 2016 19:00:04 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun
 leading to memory corruption

> Apparently, this vulnerability is being used to root older Android
> devices, and as a result it has just been fixed for older Android:

Most new Android devices are also vulnerable to it. The Nexus 6, 9, 5X
and 6P use 3.10, while older devices like the Nexus 5 use 3.4. There
isn't a Nexus device with 3.18, only the Pixel C and very few third
party devices.

Google's kernels aren't based on the upstream stable branches and they
missed this fix. They've surely missed a lot more too.
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ