anthias: security: CVE-2016-3843 (ANDROID-29119870)
Elevation of privilege vulnerability in kernel performance subsystem

CVE: CVE-2016-3843
Reference: ANDROID-29119870
Severity: High
Updated AOSP versions: 6.0, 6.1
Date reported: Google internal

Elevation of privilege vulnerabilities in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because of the kernel attack surface available for attackers to exploit.

Note: This is a platform level update designed to mitigate a class of vulnerabilities such as CVE-2016-3843 (ANDROID-28086229). Kernel patches for versions 3.4, 3.10 and 3.18 are required in addition to the AOSP patches. A code snippet for the kernel patch is provided in the bulletin patches zip file on Google Drive.

Additional technical details:

Bug: ANDROID-29119870
Details: The kernel performance subsystem is intended for developers and should not be exposed by default on production builds. ...
Showing
- Documentation/sysctl/kernel.txt (28 additions, 14 deletions)
- android/configs/android-base.cfg (6 additions, 0 deletions)
- arch/arm/configs/WI500Q_User_apq8026-lw-perf_defconfig (1 addition, 0 deletions)
- arch/arm/configs/WI500Q_Userdebug_apq8026-lw_defconfig (1 addition, 0 deletions)
- include/linux/perf_event.h (5 additions, 0 deletions)
- kernel/events/core.c (6 additions, 2 deletions)
- security/Kconfig (9 additions, 0 deletions)
- tools/perf/util/evsel.c (10 additions, 7 deletions)