Elevation of Privilege Vulnerability in the Performance Component (CVE-2016-0819)

Release Date:

May 13, 2016

Affected Projects:

Android for MSM

Advisory ID:

QCIR-2016-00008-1

CVE ID(s):

CVE-2016-0819

Summary:

CVE-2016-0819 A double-free in the performance component may result in elevation of privilege and execution of arbitrary code in the kernel. When a perf event is opened with the constraint_duplicate bit set, disabled, and then fd is closed, perf_release() causes the kernel to clean up the event as if it still were enabled, leading to the event being removed from a list twice.

Access Vector: Local
Security Risk: High
Access Vector: Local

Affected Versions:

Patch:

We advise customers to apply the following patches:

Note: This issue has been published in the Nexus Security Bulletin – April 2016 (https://source.android.com/security/bulletin/2016-04-02.html)

Acknowledgement:

This issue was reported to Google by a security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com