oss-sec mailing list archives

Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities

From: Daniel Micay <danielmicay () gmail com>
Date: Mon, 21 Sep 2015 13:57:49 -0400

Further evidence that PaX/grsecurity are extremely important.

CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin.

The CVE-2015-1801 issues would have been caught by the ARM port of
UDEREF in non-exploit usage. I'd guess that a port of UDEREF to an
Android kernel would uncover more of these.

It's sad that Samsung never addressed this. I guess they might now that
there's a CVE, as vendors generally only backport security fixes when it
becomes an image problem.

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Samsung S4 (GT-I9500) multiple kernel vulnerabilities Jonathan Salwan (Sep 21)
- Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
  - Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
    - Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
    - Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Florian Weimer (Sep 22)
    - Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 22)