oss-sec mailing list archives
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption
From: Scotty Bauer <sbauer () eng utah edu>
Date: Tue, 22 Mar 2016 15:04:50 -0600
On 03/22/2016 02:58 PM, Solar Designer wrote:
> Apparently, this vulnerability is being used to root older Android devices, and as a result it has just been fixed for older Android:
>
> https://source.android.com/security/advisory/2016-03-18.html
>
> "Google has become aware of a rooting application using an unpatched local elevation of privilege vulnerability in the kernel on some Android devices (CVE-2015-1805). For this application to affect a device, the user must first install it. We already block installation of rooting applications that use this vulnerability - both within Google Play and outside of Google Play - using Verify Apps, and have updated our systems to detect applications that use this specific vulnerability. To provide a final layer of defense for this issue, partners were provided with a patch for this issue on March 16, 2016. Nexus updates are being created and will be released within a few days. Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository."
>
> The advisory above includes a bit more information, including links to AOSP commits, but no information on how the vulnerability is exploited, nor even the names of the "rooting applications".
>
> I heard of this from a tweet by @DaveManouchehri, asking for "the APK (or name) of the app that's exploiting CVE-2015-1805" - unfortunately, I have no answer.
Kingroot is the application it was discovered in by the Zimperium folks.