oss-sec mailing list archives
Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities
From: Daniel Micay <danielmicay () gmail com>
Date: Mon, 21 Sep 2015 13:57:49 -0400
Further evidence that PaX/grsecurity are extremely important. CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin. The CVE-2015-1801 issues would have been caught by the ARM port of UDEREF in non-exploit usage. I'd guess that a port of UDEREF to an Android kernel would uncover more of these. It's sad that Samsung never addressed this. I guess they might now that there's a CVE, as vendors generally only backport security fixes when it becomes an image problem.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Samsung S4 (GT-I9500) multiple kernel vulnerabilities Jonathan Salwan (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Florian Weimer (Sep 22)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 22)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)