Information Disclosure Vulnerability in Kernel IPC Router Module (CVE-2015-6642)

Release Date:

April 20, 2016

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2016-00006-1

CVE ID(s):

CVE-2015-6642

Summary:

CVE-2015-6642: When processing the IPC_ROUTER_IOCTL_LOOKUP_SERVER ioctl, a lookup that returns few entries results in a large disclosure of uninitialized kernel heap memory.

Access Vector: Local
Security Risk: Medium
Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Acknowledgement:

Please reference Google's January 2016 Nexus Security Advisory. This issue is ANDROID- 24157888.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com