The following security vulnerability has been identified in the Linux kernel API.
The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain switching feature (CONFIG_CPU_USE_DOMAINS), which has been deprecated due to architectural changes. As a result, any kernel code using these API functions may introduce a security issue where none existed before. This allows an application to read and write kernel memory to, e.g., escalated privileges.
Access Vector: local
Security Risk: high
Vulnerability: CWE-20 (improver input validation)
All Android releases from CAF using the Linux kernel from the following heads:
We advise customers to apply the following patches:
This vulnerability is exploited in the wild and has been observed to be used in the public vroot exploit.