Date: Mon, 21 Sep 2015 13:57:49 -0400 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Further evidence that PaX/grsecurity are extremely important. CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin. The CVE-2015-1801 issues would have been caught by the ARM port of UDEREF in non-exploit usage. I'd guess that a port of UDEREF to an Android kernel would uncover more of these. It's sad that Samsung never addressed this. I guess they might now that there's a CVE, as vendors generally only backport security fixes when it becomes an image problem. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.