blob: 1f28e1a2a627d54b5b26e7d7af8275a6e15b8494 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: escalation of privileges (EoP) in ashmem_ioctl function in drivers/staging/android/ashmen.c
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1535199
https://source.android.com/security/bulletin/2018-01-01#asterisk
https://www.exploit-db.com/exploits/43464/
Notes:
jmm> Only present in drivers/staging/android/ashmem.c
carnil> not 100% certain I got the right commit, but that seems to be the
carnil> relevant change.
carnil> ashmem driver source-wise introduced in 3.3-rc1 with
carnil> 11980c2ac4ccfad21a5f8ee9e12059f1e687bb40
Bugs:
upstream: released (4.15-rc8) [443064cb0b1fb4569fe0a71209da7625129f]
4.9-upstream-stable: released (4.9.77) [c51d23dffc2e9ca05d611c86c440f9055541]
3.16-upstream-stable: released (3.16.54) [63aa20e4f4760249339c7771bd7e4a01d82a95ad]
3.2-upstream-stable: N/A "Vulnerable code introduced in 3.3-rc1"
sid: released (4.14.17-1)
4.9-stretch-security: released (4.9.80-1)
3.16-jessie-security: released (3.16.56-1)
3.2-wheezy-security: N/A "Vulnerable code not present"
|
