Elevation of Privilege Vulnerability in the Performance Component (CVE-2016-0819)

Release Date:

May 13, 2016

Affected Projects:

Android for MSM

Advisory ID:

QCIR-2016-00008-1

CVE ID(s):

CVE-2016-0819

Summary:

CVE-2016-0819 A double-free in the performance component may result in elevation of privilege and execution of arbitrary code in the kernel. When a perf event is opened with the constraint_duplicate bit set, disabled, and then fd is closed, perf_release() causes the kernel to clean up the event as if it still were enabled, leading to the event being removed from a list twice.

Access Vector: Local

Security Risk: High

Access Vector: Local

Affected Versions:

Patch:

We advise customers to apply the following patches:

• https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=e32c1b1a3d368afe1b09e81b3087ab8810282e93

Note: This issue has been published in the Nexus Security Bulletin – April 2016 (https://source.android.com/security/bulletin/2016-04-02.html)

Acknowledgement:

This issue was reported to Google by a security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact: