CONFIG_STRICT_MEMORY_RWX is not strictly enforced (CVE-2013-4737)
Release Date:
September 15, 2013
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2013-00006-1
CVE ID(s):
CVE-2013-4737
Summary:
The following security vulnerability has been identified in the implementation of the CONFIG_STRICT_MEMORY_RWX feature. CVE-2013-4737: If CONFIG_STRICT_MEMORY_RWX is set, the first section (containing the kernel page table and the initial code) and the section containing the init code are both given RWX permission. This effectively bypasses the intention of this feature and eases exploitation of kernel vulnerabilities by providing readable, writable and executable memory at a known location.
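As an added example (not part of the advisory or of the QuIC patch), the following Python script shows one way to audit for the condition described above: it scans a kernel page-table dump and reports every mapping that is both writable and executable. It assumes the dump uses the `start-end size attributes` line layout of the ARM `kernel_page_tables` debugfs file, with `RW`/`ro` and `x`/`NX` attribute tokens; the sample dump and its addresses are constructed for illustration.

```python
import re

# Constructed sample, modeled on the assumed line layout of the ARM
# kernel_page_tables debugfs dump. Addresses and sizes are illustrative only
# and are not taken from the advisory.
SAMPLE_DUMP = """\
---[ Kernel Mapping ]---
0xc0000000-0xc0100000           1M     RW x  SHD
0xc0100000-0xc0900000           8M     ro x  SHD
0xc0900000-0xc0a00000           1M     RW x  SHD
0xc0a00000-0xc1000000           6M     RW NX SHD
---[ vmalloc() Area ]---
0xf0000000-0xf0001000           4K     RW NX SHD DEV/SHARED
"""

# start-end, human-readable size (ignored), then attribute tokens.
LINE_RE = re.compile(r"^0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\s+\d+[KMG]\s+(.*)$")


def find_wx_regions(dump_text):
    """Return (region, start, end) for each mapping that is writable AND executable."""
    findings = []
    region = None
    for raw in dump_text.splitlines():
        line = raw.strip()
        if line.startswith("---["):
            # Marker line such as "---[ Kernel Mapping ]---"
            region = line.strip("-[] ")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        attrs = m.group(3).split()
        writable = "RW" in attrs
        executable = "x" in attrs and "NX" not in attrs
        if writable and executable:
            findings.append((region, int(m.group(1), 16), int(m.group(2), 16)))
    return findings


def wx_bytes(findings):
    """Total number of bytes mapped writable and executable."""
    return sum(end - start for _, start, end in findings)


if __name__ == "__main__":
    hits = find_wx_regions(SAMPLE_DUMP)
    for region, start, end in hits:
        print(f"W+X mapping in {region}: {start:#010x}-{end:#010x}")
    print(f"total W+X: {wx_bytes(hits) // 1024} kB")
```

On a kernel where the feature is enforced as intended, the script reports no findings for the kernel mapping.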
Access Vector: Local/Remote
Security Risk: High
Affected Versions:
All Android releases from CAF using the Linux kernel from the following heads: msm-3.*, jb*, ics* (Note: Because the patch makes use of additional padding of the memory sections, it uses approximately 1900kB of additional memory for the kernel.)
Patch:
We advise customers to apply the following patch:
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks Georg Wicherski of CrowdStrike for reporting the related issues and working with QuIC to help improve Android device security.
Revisions:
Initial revision