Skip to content
Snippets Groups Projects
Commit b541a7d9 authored by Allen Huang's avatar Allen Huang Committed by Carol_Jiang
Browse files

anthias: security: CVE-2016-3768

Elevation of Privilege Vulnerability in Qualcomm Performance Component
(Device Specific)
CVE	Android bugs	Severity	Updated kernel versions
	Date reported
CVE-2016-3768	ANDROID-28172137	Critical	3.4, 3.10
	Apr 9, 2016

An elevation of privilege vulnerability in the Qualcomm performance
component could enable a local malicious application to execute
arbitrary code within the context of the kernel. This issue is rated as
Critical severity due to the possibility of a local permanent device
compromise, which may require reflashing the operating system to repair
the device.

ANDROID-28172137
(Qualcomm ref#: CR#1010644)
During a perf_event_enable, an event could be enabled on multiple
hw_events. However, during the perf_release, the event struct is freed
and only one hw_event is released. This could lead to dereferencing the
invalid pointer and Use-After-Free vulnerability.

The fix is designed to return an error in the case of event duplication.

Change-Id: Ica19b394c7d8adbedfa8...
parent 726e1807
No related branches found
No related tags found
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment