When processing the IPC_ROUTER_IOCTL_LOOKUP_SERVER ioctl, a lookup that returns few entries results in a large disclosure of uninitialized kernel heap memory.
Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-126 (Buffer Over-read)
All Android releases from CAF using the Linux kernel.
We advise customers to apply the following patches:
Please reference Google's January 2016 Nexus Security Advisory. This issue is ANDROID-24157888.
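One way a disclosure like the one described above arises, shown as an added user-space simulation (not the affected driver's code or the vendor patch): the reply length is taken from the caller's request instead of from the number of entries the lookup actually wrote. `struct entry`, `handle_lookup`, `MAX_REQ` and the `0xAA` stale-heap marker are hypothetical names and values constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA   /* constructed marker standing in for leftover heap data */
#define MAX_REQ 256  /* hypothetical cap on caller-requested entries */
struct entry { uint32_t service, instance, node, port; };  /* hypothetical layout */

/* Stand-in for kmalloc(): memory arrives holding a previous owner's bytes. */
static void *stale_alloc(size_t len) {
    void *p = malloc(len);
    return p ? memset(p, STALE, len) : NULL;
}

/* Hypothetical lookup: writes only the entries that matched, returns that count. */
static size_t lookup(struct entry *out, size_t max, size_t found) {
    size_t n = found < max ? found : max;
    for (size_t i = 0; i < n; i++) out[i] = (struct entry){ 1, (uint32_t)i, 0, 0 };
    return n;
}

/* memcpy() stands in for copy_to_user(); returns bytes handed to the caller. */
size_t handle_lookup(uint8_t *user, size_t requested, size_t found, int fixed) {
    if (requested == 0 || requested > MAX_REQ) return 0;
    struct entry *buf = stale_alloc(requested * sizeof *buf);
    if (!buf) return 0;
    size_t n = lookup(buf, requested, found);
    /* Flawed: length comes from the request. Fixed: length comes from the result. */
    size_t len = (fixed ? n : requested) * sizeof *buf;
    memcpy(user, buf, len);
    free(buf);
    return len;
}

/* Counts marker bytes that reached the caller's buffer. */
size_t count_stale(const uint8_t *p, size_t len) {
    size_t c = 0;
    for (size_t i = 0; i < len; i++) c += (p[i] == STALE);
    return c;
}

int main(void) {
    uint8_t user[MAX_REQ * sizeof(struct entry)];
    for (int fixed = 0; fixed <= 1; fixed++) {
        size_t len = handle_lookup(user, 64, 2, fixed);
        printf("fixed=%d: %zu bytes out, %zu stale\n", fixed, len, count_stale(user, len));
    }
    return 0;
}
```

In kernel code, zero-initializing the allocation (for example with `kzalloc()`) is a common second layer in case a length calculation is wrong elsewhere.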