Information Disclosure Vulnerability in Kernel IPC Router Module (CVE-2015-6642)

Release Date: 
April 20, 2016
Advisory ID: 
QCIR-2016-00006-1
Summary: 

CVE-2015-6642:
When processing the IPC_ROUTER_IOCTL_LOOKUP_SERVER ioctl, a lookup that returns few entries results in a large disclosure of uninitialized kernel heap memory.

Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-126 (Buffer Over-read)

Affected versions
All Android releases from CAF using the Linux kernel.

Acknowledgement: 

Please reference Google's January 2016 Nexus Security Advisory. This issue is ANDROID- 24157888.

Revisions: 

Initial revision

Contact: 
security-advisory@quicinc.com