Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption

[Scotty Bauer <sbauer () eng utah edu>]

On 03/22/2016 02:58 PM, Solar Designer wrote:
> Apparently, this vulnerability is being used to root older Android
> devices, and as a result it has just been fixed for older Android:
>
> https://source.android.com/security/advisory/2016-03-18.html
>
> "Google has become aware of a rooting application using an unpatched
> local elevation of privilege vulnerability in the kernel on some Android
> devices (CVE-2015-1805).  For this application to affect a device, the
> user must first install it.  We already block installation of rooting
> applications that use this vulnerability - both within Google Play and
> outside of Google Play - using Verify Apps, and have updated our systems
> to detect applications that use this specific vulnerability.
>
> To provide a final layer of defense for this issue, partners were
> provided with a patch for this issue on March 16, 2016.  Nexus updates
> are being created and will be released within a few days.  Source code
> patches for this issue have been released to the Android Open Source
> Project (AOSP) repository."
>
> The advisory above includes a bit more information, including links to
> AOSP commits, but no information on how the vulnerability is exploited,
> nor even the names of the "rooting applications".
>
> I heard of this from a tweet by @DaveManouchehri, asking for "the APK
> (or name) of the app that's exploiting CVE-2015-1805" - unfortunately, I
> have no answer.

Kingroot is the application it was discovered in by the Zimperium folks.