The following security vulnerabilities have been identified:
There is a possible race condition when debugfs files are concurrently accessed by multiple threads and shared file pointer may lead to improper data retrieval and hence possible kernel data leak.
Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-200 Information Exposure
All Android releases from CAF using the Linux kernel.
We advise customers to apply the following patches:
This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.